Export limit exceeded: 357929 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357929 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44802 | 1 Microsoft | 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more | 2026-06-12 | 7.8 High |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-44804 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-06-12 | 7.8 High |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-44807 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-06-12 | 7.8 High |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-44808 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-06-12 | 7.8 High |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-44811 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-06-12 | 7.8 High |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-44207 | 1 Frappe | 1 Frappe | 2026-06-12 | N/A |
| Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This issue has been patched in versions 15.107.0 and 16.17.0. | ||||
| CVE-2026-45832 | 1 Chroma | 1 Chromadb | 2026-06-12 | 8.1 High |
| All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints. | ||||
| CVE-2026-44813 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-06-12 | 7.8 High |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-44814 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-06-12 | 5.5 Medium |
| Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-48565 | 1 Microsoft | 1 Windows Narrator Braille | 2026-06-12 | 7.8 High |
| Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-48569 | 1 Microsoft | 1 Visual Studio Code | 2026-06-12 | 7.1 High |
| Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-55658 | 1 Gpac | 2 Gpac, Mp4box | 2026-06-12 | 6.5 Medium |
| GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). bThis vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | ||||
| CVE-2026-8828 | 1 Chroma | 1 Chromadb | 2026-06-12 | N/A |
| A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to. | ||||
| CVE-2026-44975 | 1 Frappe | 1 Frappe | 2026-06-12 | N/A |
| Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, any authenticated user can reset onboarding for all users in the system. This issue has been patched in versions 15.107.2 and 16.17.4. | ||||
| CVE-2026-47739 | 1 Frappe | 1 Frappe | 2026-06-12 | N/A |
| Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitization. This issue has been patched in versions 15.106.0 and 16.16.0. | ||||
| CVE-2026-44206 | 1 Frappe | 1 Frappe | 2026-06-12 | N/A |
| Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has been patched in versions 15.107.2 and 16.17.4. | ||||
| CVE-2026-47182 | 1 Frappe | 1 Frappe | 2026-06-12 | N/A |
| Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4. | ||||
| CVE-2026-45830 | 1 Chroma | 1 Chromadb | 2026-06-12 | 8.1 High |
| A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to. | ||||
| CVE-2026-45831 | 1 Chroma | 1 Chromadb | 2026-06-12 | 6.8 Medium |
| The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform cross tenant actions. | ||||
| CVE-2026-47137 | 1 Patriksimek | 1 Vm2 | 2026-06-12 | 10 Critical |
| vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality (options.require === false), which is trivially bypassed by omitting the require option entirely. When require is not specified, options.require is undefined, not false. The strict equality check fails, so the security guard is skipped. Immediately after (line 280), the destructuring default require: requireOpts = false assigns requireOpts = false, producing the exact configuration the patch was designed to prevent. This issue has been patched in version 3.11.4. | ||||