Search

Expected end of text, found ':' (at char 6), (line:1, col:7)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (341193 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-26115 1 Microsoft 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more 2026-03-27 8.8 High
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26121 1 Microsoft 1 Azure Iot Explorer 2026-03-27 7.5 High
Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-20967 1 Microsoft 4 System Center Operations Manager, System Center Operations Manager 2019, System Center Operations Manager 2022 and 1 more 2026-03-27 8.8 High
Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.
CVE-2026-23656 1 Microsoft 2 Windows App, Windows App Client For Windows Desktop 2026-03-27 5.9 Medium
Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-26114 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-03-27 8.8 High
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-26113 1 Microsoft 14 365 Apps, Microsoft 365 Apps For Enterprise, Office and 11 more 2026-03-27 8.4 High
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-26112 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-03-27 7.8 High
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-26105 1 Microsoft 4 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 and 1 more 2026-03-27 8.1 High
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-25189 1 Microsoft 8 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 5 more 2026-03-27 7.8 High
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-25175 1 Microsoft 22 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 19 more 2026-03-27 7.8 High
Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-25166 1 Microsoft 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more 2026-03-27 7.8 High
Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally.
CVE-2026-24297 1 Microsoft 15 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 12 more 2026-03-27 6.5 Medium
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-24288 1 Microsoft 4 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 1 more 2026-03-27 6.8 Medium
Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack.
CVE-2026-24285 1 Microsoft 30 Office, Office For Android, Windows 10 1607 and 27 more 2026-03-27 7 High
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-23668 1 Microsoft 22 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 19 more 2026-03-27 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-23664 1 Microsoft 1 Azure Iot Explorer 2026-03-27 7.5 High
Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
CVE-2026-23660 1 Microsoft 3 Azure Portal Windows Admin Center, Windows Admin Center, Windows Admin Center In Azure Portal 2026-03-27 7.8 High
Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVE-2026-21262 1 Microsoft 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more 2026-03-27 8.8 High
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-25724 2 Anthropic, Anthropics 2 Claude Code, Claude Code 2026-03-27 7.5 High
Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file (such as /etc/passwd) and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude Code to read the restricted file through the symlink without triggering deny rule enforcement. This issue has been patched in version 2.1.7.
CVE-2025-59214 1 Microsoft 30 Windows, Windows 10, Windows 10 1507 and 27 more 2026-03-27 6.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.