Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-26118 1 Microsoft 4 Azure Mcp Server, Azure Mcp Server Tools, Azure Mcp Server Tools 1 and 1 more 2026-04-14 8.8 High
Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26117 1 Microsoft 1 Arc Enabled Servers Azure Connected Machine Agent 2026-04-14 7.8 High
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-29861 1 Keerti1924 1 Php-mysql-user-login-system 2026-04-14 9.8 Critical
PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php.
CVE-2026-26110 1 Microsoft 9 365 Apps, Office, Office 2016 and 6 more 2026-04-14 8.4 High
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40200 1 Musl-libc 1 Musl 2026-04-14 8.1 High
An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).
CVE-2026-26109 1 Microsoft 13 365 Apps, Excel, Excel 2016 and 10 more 2026-04-14 8.4 High
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-26108 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-04-14 7.8 High
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-26107 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-04-14 7.8 High
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-26106 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-04-14 8.8 High
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-23665 1 Microsoft 2 Azure Linux Virtual Machines Azure Diagnostics, Linux Diagnostic Extension 2026-04-14 7.8 High
Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally.
CVE-2026-22750 1 Vmware 1 Spring Cloud Gateway 2026-04-14 7.5 High
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0  available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to 5.0.2 or 5.1.1 which are the current supported open source releases.
CVE-2026-23662 1 Microsoft 1 Azure Iot Explorer 2026-04-14 7.5 High
Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
CVE-2026-23661 1 Microsoft 1 Azure Iot Explorer 2026-04-14 7.5 High
Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
CVE-2026-23654 1 Microsoft 3 Gihub Repo Zero Shot Scfoundation, Gihub Repo Zero Shot Scfoundation, Zero-shot-scfoundation 2026-04-14 8.8 High
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.
CVE-2026-26137 1 Microsoft 3 365 Copilot Business Chat, 365 Copilot Chat, Exchange Online 2026-04-14 9.9 Critical
Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.
CVE-2026-26136 1 Microsoft 1 Copilot 2026-04-14 6.5 Medium
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-24299 1 Microsoft 1 365 Copilot 2026-04-14 5.3 Medium
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-23659 1 Microsoft 1 Azure Data Factory 2026-04-14 8.6 High
Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network.
CVE-2026-26120 1 Microsoft 1 Bing 2026-04-14 6.5 Medium
Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network.
CVE-2026-23658 1 Microsoft 2 Azure Devops, Azure Devops Msazure 2026-04-14 8.6 High
Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.