Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
10,065 matching · page 102/202Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-34351(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34350(opens NVD record) | Medium | 6.5 | Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network. | May 12, 2026 |
| CVE-2026-34347(opens NVD record) | High | 7.0 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34345(opens NVD record) | High | 7.0 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34344(opens NVD record) | High | 7.8 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34343(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34342(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34341(opens NVD record) | High | 7.0 | Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34340(opens NVD record) | High | 7.0 | Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34339(opens NVD record) | Medium | 5.5 | Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally. | May 12, 2026 |
| CVE-2026-34338(opens NVD record) | High | 7.8 | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34337(opens NVD record) | High | 7.8 | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34336(opens NVD record) | High | 7.8 | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34334(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34333(opens NVD record) | High | 7.8 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34332(opens NVD record) | High | 8.0 | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-34331(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34330(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34329(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network. | May 12, 2026 |
| CVE-2026-33841(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-33840(opens NVD record) | High | 7.8 | Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-33839(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-33838(opens NVD record) | High | 7.8 | Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-33837(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-33835(opens NVD record) | High | 7.8 | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-33834(opens NVD record) | High | 7.8 | Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-33833(opens NVD record) | High | 8.2 | Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. | May 12, 2026 |
| CVE-2026-33821(opens NVD record) | High | 7.7 | Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-33117(opens NVD record) | Critical | 9.1 | The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may bypass integrity verification checks. Operations delegated to the Key Vault service are not affected. The issue is addressed in version 4.10.6. | May 12, 2026 |
| CVE-2026-33112(opens NVD record) | High | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-33110(opens NVD record) | High | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-32209(opens NVD record) | Medium | 4.4 | Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally. | May 12, 2026 |
| CVE-2026-32204(opens NVD record) | High | 7.8 | External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-32185(opens NVD record) | Medium | 5.5 | Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-32177(opens NVD record) | High | 7.3 | Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-32175(opens NVD record) | Medium | 4.3 | A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files. | May 12, 2026 |
| CVE-2026-32170(opens NVD record) | Medium | 6.7 | Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-32161(opens NVD record) | High | 7.5 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network. | May 12, 2026 |
| CVE-2026-26083(opens NVD record) | Critical | 9.8 | A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests. | May 12, 2026 |
| CVE-2026-25690(opens NVD record) | Medium | 4.3 | An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with at least read-only admin permission to read log files via HTTP crafted requests. | May 12, 2026 |
| CVE-2026-25088(opens NVD record) | Medium | 5.4 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | May 12, 2026 |
| CVE-2026-21530(opens NVD record) | Medium | 6.7 | Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2025-67604(opens NVD record) | Medium | 5.3 | A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker. | May 12, 2026 |
| CVE-2025-53870(opens NVD record) | Medium | 6.7 | An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted cli command. | May 12, 2026 |
| CVE-2025-53844(opens NVD record) | High | 8.8 | A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets. | May 12, 2026 |
| CVE-2025-53681(opens NVD record) | High | 7.2 | An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests. | May 12, 2026 |
| CVE-2025-53680(opens NVD record) | Medium | 6.7 | An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. | May 12, 2026 |
| CVE-2026-8111(opens NVD record) | High | 8.8 | SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution. | May 12, 2026 |
| CVE-2026-8110(opens NVD record) | High | 7.8 | Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges. | May 12, 2026 |
| CVE-2026-8109(opens NVD record) | Medium | 6.5 | An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials. | May 12, 2026 |