Export limit exceeded: 324785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (40718 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28418 | 2026-02-28 | 4.4 Medium | ||
| Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue. | ||||
| CVE-2026-27837 | 2 Dottie Project, Mickhansen | 2 Dottie, Dottie.js | 2026-02-28 | 6.3 Medium |
| Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit `7d3aee1` only validates the first segment of a dot-separated path, allowing an attacker to bypass the protection by placing `__proto__` at any position other than the first. Both `dottie.set()` and `dottie.transform()` are affected. Version 2.0.7 contains an updated fix to address the residual vulnerability. | ||||
| CVE-2026-1388 | 1 Gitlab | 1 Gitlab | 2026-02-28 | 7.5 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint under certain conditions. | ||||
| CVE-2025-14511 | 1 Gitlab | 1 Gitlab | 2026-02-28 | 7.5 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under certain conditions. | ||||
| CVE-2026-1979 | 1 Mruby | 1 Mruby | 2026-02-28 | 5.3 Medium |
| A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been published and may be used. This patch is called e50f15c1c6e131fa7934355eb02b8173b13df415. It is advisable to implement a patch to correct this issue. | ||||
| CVE-2026-20846 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-02-27 | 7.5 High |
| Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-21239 | 1 Microsoft | 28 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 25 more | 2026-02-27 | 7.8 High |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21244 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-02-27 | 7.3 High |
| Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. | ||||
| CVE-2026-21245 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-02-27 | 7.8 High |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21261 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-02-27 | 5.5 Medium |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-21528 | 1 Microsoft | 1 Azure Iot Explorer | 2026-02-27 | 6.5 Medium |
| Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-21527 | 1 Microsoft | 8 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 5 more | 2026-02-27 | 6.5 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-21218 | 3 Apple, Linux, Microsoft | 4 Macos, Linux Kernel, .net and 1 more | 2026-02-27 | 7.5 High |
| Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-21236 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-02-27 | 7.8 High |
| Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21246 | 1 Microsoft | 28 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 25 more | 2026-02-27 | 7.8 High |
| Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21247 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-02-27 | 7.3 High |
| Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. | ||||
| CVE-2026-21248 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-02-27 | 7.3 High |
| Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. | ||||
| CVE-2026-21258 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-02-27 | 5.5 Medium |
| Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-21259 | 1 Microsoft | 9 365 Apps, Excel, Excel 2016 and 6 more | 2026-02-27 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-27590 | 1 Caddyserver | 1 Caddy | 2026-02-27 | 9.8 Critical |
| Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because `strings.ToLower()` can change UTF-8 byte length for some characters. As a result, Caddy can derive an incorrect `SCRIPT_NAME`/`SCRIPT_FILENAME` and `PATH_INFO`, potentially causing a request that contains `.php` to execute a different on-disk file than intended (path confusion). In setups where an attacker can control file contents (e.g., upload features), this can lead to unintended PHP execution of non-.php files (potential RCE depending on deployment). Version 2.11.1 fixes the issue. | ||||