Total
337527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-26131 | 2026-03-11 | N/A | 7.8 HIGH | ||
| Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-26117 | 2026-03-11 | N/A | 7.8 HIGH | ||
| Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-30945 | 2026-03-11 | N/A | 7.1 HIGH | ||
| StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the DELETE /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user with editor privileges or above to revoke API tokens belonging to any other user, including admin and owner accounts. The handler accepts tokenID and userID directly from the request payload without verifying token ownership, caller identity, or role hierarchy. This enables targeted denial of service against critical integrations and automations. This vulnerability is fixed in 0.4.0. | |||||
| CVE-2026-24641 | 2026-03-11 | N/A | 2.7 LOW | ||
| A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests. | |||||
| CVE-2026-2724 | 2026-03-11 | N/A | 7.2 HIGH | ||
| The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and including, 2.0.5. This is due to insufficient input sanitization and output escaping on form submission data displayed in the admin Form Entries Trash view. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator views the trashed form entries. | |||||
| CVE-2026-25168 | 2026-03-11 | N/A | 6.2 MEDIUM | ||
| Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally. | |||||
| CVE-2026-30987 | 2026-03-11 | N/A | 7.8 HIGH | ||
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum<>::GetValues() causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5. | |||||
| CVE-2026-26112 | 2026-03-11 | N/A | 7.8 HIGH | ||
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-30960 | 2026-03-11 | N/A | N/A | ||
| rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exists in the JIT (Just-In-Time) compilation engine, which is fully exposed via the CFFI (Foreign Function Interface). Due to Improper Input Validation and External Control of Code Generation, an attacker can supply malicious parameters or instruction sequences through the CFFI layer. Since the library often operates with elevated privileges or within high-performance computing contexts, this allows for Arbitrary Code Execution (ACE) at the privilege level of the host process. | |||||
| CVE-2026-26134 | 2026-03-11 | N/A | 7.8 HIGH | ||
| Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-25171 | 2026-03-11 | N/A | 7.0 HIGH | ||
| Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-24289 | 2026-03-11 | N/A | 7.8 HIGH | ||
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-25178 | 2026-03-11 | N/A | 7.0 HIGH | ||
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-24288 | 2026-03-11 | N/A | 6.8 MEDIUM | ||
| Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack. | |||||
| CVE-2026-30984 | 2026-03-11 | N/A | 6.1 MEDIUM | ||
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence() causing an application crash. This vulnerability is fixed in 2.3.1.5. | |||||
| CVE-2026-25572 | 2026-03-11 | N/A | 5.1 MEDIUM | ||
| A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service. | |||||
| CVE-2026-24294 | 2026-03-11 | N/A | 7.8 HIGH | ||
| Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-25187 | 2026-03-11 | N/A | 7.8 HIGH | ||
| Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-13219 | 2026-03-11 | N/A | 5.9 MEDIUM | ||
| IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. | |||||
| CVE-2026-24287 | 2026-03-11 | N/A | 7.8 HIGH | ||
| External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||