Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
30,419 matching · page 81/609Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-40370(opens NVD record) | High | 8.8 | External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-40369(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-40368(opens NVD record) | High | 8.0 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-40367(opens NVD record) | High | 8.4 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40366(opens NVD record) | High | 8.4 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40365(opens NVD record) | High | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-40364(opens NVD record) | High | 8.4 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40363(opens NVD record) | High | 8.4 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40362(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40361(opens NVD record) | High | 8.4 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40360(opens NVD record) | High | 7.8 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | May 12, 2026 |
| CVE-2026-40359(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40358(opens NVD record) | High | 8.4 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-40357(opens NVD record) | High | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-35440(opens NVD record) | Medium | 5.5 | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | May 12, 2026 |
| CVE-2026-35439(opens NVD record) | High | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-35438(opens NVD record) | High | 8.3 | Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | May 12, 2026 |
| CVE-2026-35436(opens NVD record) | High | 8.8 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-35433(opens NVD record) | High | 7.3 | Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-35429(opens NVD record) | Medium | 4.3 | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | May 12, 2026 |
| CVE-2026-35424(opens NVD record) | High | 7.5 | Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network. | May 12, 2026 |
| CVE-2026-35423(opens NVD record) | Medium | 5.4 | Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network. | May 12, 2026 |
| CVE-2026-35422(opens NVD record) | Medium | 6.5 | Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network. | May 12, 2026 |
| CVE-2026-35421(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally. | May 12, 2026 |
| CVE-2026-35420(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-35419(opens NVD record) | Medium | 5.5 | Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | May 12, 2026 |
| CVE-2026-35418(opens NVD record) | High | 7.8 | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-35417(opens NVD record) | High | 7.8 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-35416(opens NVD record) | High | 7.0 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-35415(opens NVD record) | High | 7.8 | Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34687(opens NVD record) | High | 7.8 | Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 12, 2026 |
| CVE-2026-34663(opens NVD record) | Medium | 5.5 | Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 12, 2026 |
| CVE-2026-34662(opens NVD record) | Medium | 5.5 | Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 12, 2026 |
| CVE-2026-34661(opens NVD record) | High | 7.8 | Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 12, 2026 |
| CVE-2026-34638(opens NVD record) | High | 7.8 | Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 12, 2026 |
| CVE-2026-34637(opens NVD record) | High | 7.8 | Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 12, 2026 |
| CVE-2026-34636(opens NVD record) | High | 7.8 | Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 12, 2026 |
| CVE-2026-34351(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34350(opens NVD record) | Medium | 6.5 | Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network. | May 12, 2026 |
| CVE-2026-34347(opens NVD record) | High | 7.0 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34345(opens NVD record) | High | 7.0 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34344(opens NVD record) | High | 7.8 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34343(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34342(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34341(opens NVD record) | High | 7.0 | Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34340(opens NVD record) | High | 7.0 | Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34339(opens NVD record) | Medium | 5.5 | Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally. | May 12, 2026 |
| CVE-2026-34338(opens NVD record) | High | 7.8 | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34337(opens NVD record) | High | 7.8 | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-34336(opens NVD record) | High | 7.8 | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | May 12, 2026 |