Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
14,519 matching · page 91/291Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-44860(opens NVD record) | High | 7.2 | SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system. | May 12, 2026 |
| CVE-2026-44859(opens NVD record) | High | 7.2 | Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system. | May 12, 2026 |
| CVE-2026-44858(opens NVD record) | High | 7.2 | Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system. | May 12, 2026 |
| CVE-2026-44857(opens NVD record) | High | 7.2 | Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system. | May 12, 2026 |
| CVE-2026-44856(opens NVD record) | High | 7.2 | Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system. | May 12, 2026 |
| CVE-2026-44855(opens NVD record) | High | 7.2 | Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system. | May 12, 2026 |
| CVE-2026-44854(opens NVD record) | High | 7.2 | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user. | May 12, 2026 |
| CVE-2026-44853(opens NVD record) | High | 7.2 | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user. | May 12, 2026 |
| CVE-2026-44852(opens NVD record) | High | 7.2 | An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting improper input validation in the file path parameter. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system as a privileged user. | May 12, 2026 |
| CVE-2026-42338(opens NVD record) | Medium | 6.1 | ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error's parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. This vulnerability is fixed in 10.1.1. | May 12, 2026 |
| CVE-2026-34690(opens NVD record) | High | 7.8 | After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 12, 2026 |
| CVE-2026-23827(opens NVD record) | High | 7.5 | A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged user on the underlying operating system, potentially leading to a system compromise. Exploitation may also result in a denial-of-service (DoS) condition affecting the impacted system process. | May 12, 2026 |
| CVE-2026-23826(opens NVD record) | High | 7.5 | A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitation could cause the affected service process to terminate unexpectedly, disrupting normal device operations. | May 12, 2026 |
| CVE-2026-23825(opens NVD record) | High | 7.5 | Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition. | May 12, 2026 |
| CVE-2026-23824(opens NVD record) | High | 7.5 | Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition. | May 12, 2026 |
| CVE-2026-44279(opens NVD record) | Medium | 5.5 | An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI. | May 12, 2026 |
| CVE-2026-44278(opens NVD record) | Low | 2.3 | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert attack vector here> | May 12, 2026 |
| CVE-2026-44277(opens NVD record) | Critical | 9.8 | A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests. | May 12, 2026 |
| CVE-2026-42899(opens NVD record) | High | 7.5 | Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network. | May 12, 2026 |
| CVE-2026-42898(opens NVD record) | Critical | 9.9 | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-42896(opens NVD record) | High | 7.8 | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-42893(opens NVD record) | High | 7.4 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network. | May 12, 2026 |
| CVE-2026-42891(opens NVD record) | Medium | 6.5 | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | May 12, 2026 |
| CVE-2026-42838(opens NVD record) | Medium | 5.4 | Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-42833(opens NVD record) | Critical | 9.1 | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-42832(opens NVD record) | High | 7.7 | Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-42831(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-42830(opens NVD record) | Medium | 6.5 | Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-42825(opens NVD record) | High | 7.0 | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-42823(opens NVD record) | Critical | 9.9 | Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-41614(opens NVD record) | Medium | 6.2 | Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-41613(opens NVD record) | High | 8.8 | Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-41612(opens NVD record) | Medium | 5.5 | Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. | May 12, 2026 |
| CVE-2026-41611(opens NVD record) | High | 7.8 | Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-41610(opens NVD record) | Medium | 6.3 | Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | May 12, 2026 |
| CVE-2026-41109(opens NVD record) | High | 8.8 | Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network. | May 12, 2026 |
| CVE-2026-41107(opens NVD record) | High | 7.4 | External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. | May 12, 2026 |
| CVE-2026-41103(opens NVD record) | Critical | 9.1 | Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-41102(opens NVD record) | High | 7.1 | Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-41101(opens NVD record) | High | 7.1 | Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-41100(opens NVD record) | Medium | 4.4 | Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally. | May 12, 2026 |
| CVE-2026-41097(opens NVD record) | Medium | 6.7 | Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | May 12, 2026 |
| CVE-2026-41096(opens NVD record) | Critical | 9.8 | Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-41095(opens NVD record) | High | 7.8 | Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-41094(opens NVD record) | High | 8.8 | Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-41089(opens NVD record) | Critical | 9.8 | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-41088(opens NVD record) | High | 7.8 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-41086(opens NVD record) | High | 8.8 | Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-40421(opens NVD record) | Medium | 4.3 | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | May 12, 2026 |
| CVE-2026-40420(opens NVD record) | High | 8.8 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | May 12, 2026 |