Export limit exceeded: 335578 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 335578 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335578 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26121 | 1 Microsoft | 1 Azure Iot Explorer | 2026-03-20 | 7.5 High |
| Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-26115 | 1 Microsoft | 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more | 2026-03-20 | 8.8 High |
| Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-26116 | 1 Microsoft | 5 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 2 more | 2026-03-20 | 8.8 High |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-26128 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-03-20 | 7.8 High |
| Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26132 | 1 Microsoft | 18 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 15 more | 2026-03-20 | 7.8 High |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26134 | 1 Microsoft | 1 Office | 2026-03-20 | 7.8 High |
| Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23674 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-20 | 7.5 High |
| Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-26148 | 1 Microsoft | 1 Azure Ad Ssh Login Extension For Linux | 2026-03-20 | 8.1 High |
| External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-23654 | 1 Microsoft | 3 Gihub Repo Zero Shot Scfoundation, Gihub Repo Zero Shot Scfoundation, Zero-shot-scfoundation | 2026-03-20 | 8.8 High |
| Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-23661 | 1 Microsoft | 1 Azure Iot Explorer | 2026-03-20 | 7.5 High |
| Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-23662 | 1 Microsoft | 1 Azure Iot Explorer | 2026-03-20 | 7.5 High |
| Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-26106 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-03-20 | 8.8 High |
| Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-26107 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-03-20 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26108 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-03-20 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26109 | 1 Microsoft | 13 365 Apps, Excel, Excel 2016 and 10 more | 2026-03-20 | 8.4 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26141 | 1 Microsoft | 1 Azure Automation Hybrid Worker Windows Extension | 2026-03-20 | 7.8 High |
| Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2023-27573 | 1 Netbox | 1 Netbox-docker | 2026-03-20 | 9 Critical |
| netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values. The Supplier was aware of the CVE ID assignment and did not object to the assignment. | ||||
| CVE-2025-66956 | 1 Asseco | 1 See Live | 2026-03-20 | 9.9 Critical |
| Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL. | ||||
| CVE-2025-67034 | 1 Lantronix | 7 Eds5000, Eds5008, Eds5008 Firmware and 4 more | 2026-03-20 | 8.8 High |
| An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges. | ||||
| CVE-2025-67035 | 1 Lantronix | 7 Eds5000, Eds5008, Eds5008 Firmware and 4 more | 2026-03-20 | 9.8 Critical |
| An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges. | ||||