17426 Total CVEs
8726 AI Analyzed
264 CISA KEV
3526 Critical
All Vendors
Showing 5851-5900 of 17426 CVEs Page 118 of 349
CVE-2026-26190
Analyzed
9.8
Milvus Milvus Vector Database

Milvus vector database contains multiple authentication bypass vulnerabilities via exposed TCP ports and unauthenticated REST API endpoints, allowing...

2026-02-14
CVE-2026-26187
Analyzed
8.1
GitHub lakeFS

lakeFS is an open-source tool that transforms object storage into a Git-like repositories

2026-02-14
CVE-2026-26184
7.8
Microsoft Multiple Products

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26183
7.8
Microsoft Multiple Products

Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26181
7.8
Microsoft Brokering File

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26180
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26179
7.8
Microsoft Multiple Products

Double free in Windows Kernel allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26178
8.8
Microsoft Multiple Products

Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26176
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Client Side Caching driver (csc

2026-04-15
CVE-2026-26172
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacke...

2026-04-15
CVE-2026-26170
7.8
Microsoft PowerShell allows

Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26168
7.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an...

2026-04-15
CVE-2026-26167
8.8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacke...

2026-04-15
CVE-2026-26164
7.5
Infor Multiple Products

Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to...

2026-05-09
CVE-2026-26163
7.8
Microsoft Multiple Products

Double free in Windows Kernel allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26162
7.8
Microsoft Multiple Products

Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26161
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26160
7.8
Microsoft Multiple Products

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-2616
8.8
Unknown Multiple Products

A vulnerability has been found in Beetel 777VR1 up to 01

2026-02-18
CVE-2026-26159
7.8
Microsoft Multiple Products

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26156
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally

2026-04-15
CVE-2026-26153
7.8
Microsoft Multiple Products

Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally

2026-04-15
CVE-2026-26150
8.6
Microsoft Purview allows

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network

2026-04-24
CVE-2026-2615
7.2
Unknown Multiple Products

A flaw has been found in Wavlink WL-NU516U1 up to 20251208

2026-02-18
CVE-2026-26149
Analyzed
9
Microsoft Power Apps

Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over...

2026-04-15
CVE-2026-26148
8.1
Microsoft Entra ID

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally

2026-03-11
CVE-2026-26143
7.8
Microsoft PowerShell allows

Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally

2026-04-15
CVE-2026-26142
Analyzed
9.8
Nuance PowerScribe

An insecure deserialization vulnerability in Nuance PowerScribe allows an unauthenticated attacker to execute arbitrary code over a network.

2026-06-10
CVE-2026-26141
7.8
Microsoft Arc allows

Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-2614
7.5
Unknown Multiple Products

A vulnerability in the `_create_model_version()` handler of `mlflow/server/handlers

2026-05-12
CVE-2026-26139
8.6
Microsoft Purview allows

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network

2026-03-20
CVE-2026-26138
8.6
Microsoft Purview allows

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network

2026-03-20
CVE-2026-26137
Analyzed
8.9
Microsoft Multiple Products

Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network

2026-03-20
CVE-2026-26135
Analyzed
9.6
Microsoft Custom Locations

A Server-Side Request Forgery (SSRF) in the Azure Custom Locations Resource Provider allows authenticated attackers to elevate privileges over a netwo...

2026-04-03
CVE-2026-26134
7.8
Microsoft Office allows

Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-26133
7.1
Infor Multiple Products

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network

2026-03-17
CVE-2026-26132
7.8
Microsoft Multiple Products

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-26131
7.8
Unknown Multiple Products

Incorrect default permissions in

2026-03-11
CVE-2026-26129
7.5
Infor Multiple Products

Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network

2026-05-09
CVE-2026-26128
7.8
Microsoft Multiple Products

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally

2026-03-11
CVE-2026-26125
8.6
Payment Multiple Products

Payment Orchestrator Service Elevation of Privilege Vulnerability

2026-03-06
CVE-2026-26119
Analyzed
8.8
Microsoft Windows Admin Center

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network

2026-02-18
CVE-2026-26118
8.8
Microsoft MCP Server

Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network

2026-03-11
CVE-2026-26117
7.8
Microsoft Windows Virtual

Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges lo...

2026-03-11
CVE-2026-26116
8.8
Unknown Multiple Products

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges...

2026-03-11
CVE-2026-26115
8.8
Unknown Multiple Products

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network

2026-03-11
CVE-2026-26114
8.8
Microsoft Office SharePoint

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

2026-03-11
CVE-2026-26113
8.4
Microsoft Office allows

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally

2026-03-11
CVE-2026-26112
7.8
Microsoft Office Excel

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally

2026-03-11
CVE-2026-26111
8.8
Microsoft Multiple Products

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2026-03-11