Search

Expected end of text, found '–' (at char 33), (line:1, col:34)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (344763 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-26183 1 Microsoft 14 Windows Server 2012, Windows Server 2012 (server Core Installation), Windows Server 2012 R2 and 11 more 2026-04-15 7.8 High
Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.
CVE-2026-32167 1 Microsoft 10 Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (gdr), Microsoft Sql Server 2019 (gdr) and 7 more 2026-04-15 6.7 Medium
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-32168 1 Microsoft 2 Azure Monitor, Azure Monitor Agent 2026-04-15 7.8 High
Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32188 1 Microsoft 8 365 Apps, Excel 2016, Office 2019 and 5 more 2026-04-15 7.1 High
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-32192 1 Microsoft 2 Azure Monitor, Azure Monitor Agent 2026-04-15 7.8 High
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-33095 1 Microsoft 5 365 Apps, Office 2021, Office 2024 and 2 more 2026-04-15 7.8 High
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-33120 1 Microsoft 1 Sql Server 2022 2026-04-15 8.8 High
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-33822 1 Microsoft 3 365 Apps, Office Macos 2021, Office Macos 2024 2026-04-15 6.1 Medium
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-33826 1 Microsoft 12 Windows Server 2012 R2, Windows Server 2012 R2, Windows Server 2012 R2 (server Core Installation) and 9 more 2026-04-15 8 High
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.
CVE-2026-27912 1 Microsoft 14 Windows Server 2012, Windows Server 2012 (server Core Installation), Windows Server 2012 R2 and 11 more 2026-04-15 8 High
Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2026-27913 1 Microsoft 12 Windows Server 2012, Windows Server 2012 (server Core Installation), Windows Server 2012 R2 and 9 more 2026-04-15 7.7 High
Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-32080 1 Microsoft 9 Windows Server 2016, Windows Server 2016 (server Core Installation), Windows Server 2019 and 6 more 2026-04-15 7 High
Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.
CVE-2026-32171 1 Microsoft 1 Azure Logic Apps 2026-04-15 8.8 High
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
CVE-2026-32176 1 Microsoft 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more 2026-04-15 6.7 Medium
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-32190 1 Microsoft 7 365 Apps, Office 2016, Office 2019 and 4 more 2026-04-15 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-32196 1 Microsoft 1 Windows Admin Center 2026-04-15 6.1 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32197 1 Microsoft 8 365 Apps, Excel 2016, Office 2019 and 5 more 2026-04-15 7.8 High
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32198 1 Microsoft 8 365 Apps, Excel 2016, Office 2019 and 5 more 2026-04-15 7.8 High
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32199 1 Microsoft 8 365 Apps, Excel 2016, Office 2019 and 5 more 2026-04-15 7.8 High
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-39399 1 Nuget 1 Nugetgallery 2026-04-15 9.6 Critical
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that may result in remote code execution (RCE) and/or arbitrary blob writes due to insufficient input validation. The issue is exploitable via URI fragment injection using unsanitized package identifiers, allowing an attacker to control the resolved blob path. This enables writes to arbitrary blobs within the storage container, not limited to .nupkg files, resulting in potential tampering of existing content. This issue has been patched in commit 0e80f87628349207cdcaf55358491f8a6f1ca276.