Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
10,065 matching · page 100/202Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-23827(opens NVD record) | High | 7.5 | A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged user on the underlying operating system, potentially leading to a system compromise. Exploitation may also result in a denial-of-service (DoS) condition affecting the impacted system process. | May 12, 2026 |
| CVE-2026-23826(opens NVD record) | High | 7.5 | A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitation could cause the affected service process to terminate unexpectedly, disrupting normal device operations. | May 12, 2026 |
| CVE-2026-23825(opens NVD record) | High | 7.5 | Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition. | May 12, 2026 |
| CVE-2026-23824(opens NVD record) | High | 7.5 | Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition. | May 12, 2026 |
| CVE-2026-44279(opens NVD record) | Medium | 5.5 | An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI. | May 12, 2026 |
| CVE-2026-44278(opens NVD record) | Low | 2.3 | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert attack vector here> | May 12, 2026 |
| CVE-2026-44277(opens NVD record) | Critical | 9.8 | A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests. | May 12, 2026 |
| CVE-2026-42899(opens NVD record) | High | 7.5 | Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network. | May 12, 2026 |
| CVE-2026-42898(opens NVD record) | Critical | 9.9 | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-42896(opens NVD record) | High | 7.8 | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-42893(opens NVD record) | High | 7.4 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network. | May 12, 2026 |
| CVE-2026-42891(opens NVD record) | Medium | 6.5 | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | May 12, 2026 |
| CVE-2026-42838(opens NVD record) | Medium | 5.4 | Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-42833(opens NVD record) | Critical | 9.1 | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-42832(opens NVD record) | High | 7.7 | Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-42831(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-42830(opens NVD record) | Medium | 6.5 | Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-42825(opens NVD record) | High | 7.0 | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-42823(opens NVD record) | Critical | 9.9 | Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-41614(opens NVD record) | Medium | 6.2 | Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-41613(opens NVD record) | High | 8.8 | Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-41612(opens NVD record) | Medium | 5.5 | Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. | May 12, 2026 |
| CVE-2026-41611(opens NVD record) | High | 7.8 | Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-41610(opens NVD record) | Medium | 6.3 | Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | May 12, 2026 |
| CVE-2026-41109(opens NVD record) | High | 8.8 | Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network. | May 12, 2026 |
| CVE-2026-41107(opens NVD record) | High | 7.4 | External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. | May 12, 2026 |
| CVE-2026-41103(opens NVD record) | Critical | 9.1 | Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-41102(opens NVD record) | High | 7.1 | Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-41101(opens NVD record) | High | 7.1 | Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-41100(opens NVD record) | Medium | 4.4 | Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-41097(opens NVD record) | Medium | 6.7 | Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | May 12, 2026 |
| CVE-2026-41096(opens NVD record) | Critical | 9.8 | Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-41095(opens NVD record) | High | 7.8 | Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-41094(opens NVD record) | High | 8.8 | Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-41089(opens NVD record) | Critical | 9.8 | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-41088(opens NVD record) | High | 7.8 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-41086(opens NVD record) | High | 8.8 | Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-40421(opens NVD record) | Medium | 4.3 | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | May 12, 2026 |
| CVE-2026-40420(opens NVD record) | High | 8.8 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40419(opens NVD record) | High | 7.8 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40418(opens NVD record) | High | 7.8 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40417(opens NVD record) | High | 7.8 | Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40416(opens NVD record) | Medium | 4.3 | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | May 12, 2026 |
| CVE-2026-40415(opens NVD record) | High | 8.1 | Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-40414(opens NVD record) | High | 7.4 | Windows TCP/IP Denial of Service Vulnerability | May 12, 2026 |
| CVE-2026-40413(opens NVD record) | High | 7.4 | Windows TCP/IP Denial of Service Vulnerability | May 12, 2026 |
| CVE-2026-40410(opens NVD record) | High | 7.0 | Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40408(opens NVD record) | High | 7.8 | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40407(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40406(opens NVD record) | High | 7.5 | Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network. | May 12, 2026 |