Search Results (85518 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-10262 1 Code-projects 1 Real State Services 2026-06-01 7.3 High
A vulnerability has been found in code-projects Real State Services 1.0. This impacts an unknown function of the file /loginuser.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-9948 2 Apple, Google 2 Macos, Chrome 2026-06-01 8.3 High
Use after free in Views in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-44825 1 Apache 1 Solr 2026-06-01 8.1 High
Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specified account. As an immediate workaround without upgrading, delete the template users (superadmin, admin, search, index) from security.jsonĀ or change their passwords. The future, not yet released, versions 9.11.0 and 10.1.0 will not be vulnerable, and it will be enough to upgrade to solve the issue. Not affected: * Clusters where bin/solr auth enable was not used to bootstrap BasicAuth * Clusters where template users have been assigned strong passwords after bootstrap
CVE-2026-9954 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-01 7.5 High
Use after free in TabStrip in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9958 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-01 8.8 High
Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVE-2026-26164 1 Microsoft 2 365 Copilot Business Chat, 365 Copilot Chat 2026-06-01 7.5 High
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-26129 1 Microsoft 2 365 Copilot Business Chat, 365 Copilot Chat 2026-06-01 7.5 High
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-42834 1 Microsoft 2 Azure Portal Windows Admin Center, Windows Admin Center 2026-06-01 7.8 High
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-9972 2 Apple, Google 2 Macos, Chrome 2026-06-01 8.3 High
Uninitialized Use in Gamepad in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-40420 1 Microsoft 6 365 Apps, Office, Office 2019 and 3 more 2026-06-01 8.8 High
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-35436 1 Microsoft 6 365 Apps, Office, Office 2019 and 3 more 2026-06-01 8.8 High
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40418 1 Microsoft 6 365 Apps, Office, Office 2019 and 3 more 2026-06-01 7.8 High
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40413 1 Microsoft 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more 2026-06-01 7.4 High
Windows TCP/IP Denial of Service Vulnerability
CVE-2026-9982 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-01 8.3 High
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-40401 1 Microsoft 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more 2026-06-01 7.1 High
Windows TCP/IP Denial of Service Vulnerability
CVE-2026-40397 1 Microsoft 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more 2026-06-01 7.8 High
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-40369 1 Microsoft 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more 2026-06-01 7.8 High
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-40367 1 Microsoft 13 365 Apps, Office, Office 2019 and 10 more 2026-06-01 8.4 High
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40365 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-06-01 8.8 High
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40362 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-06-01 7.8 High
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.