CVE Database

36500+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-43891
7.5 HIGH

changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from …

May 12, 2026
CVE-2026-42899
7.5 HIGH

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

May 12, 2026
CVE-2026-42896
7.8 HIGH

Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-42893
7.4 HIGH

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

May 12, 2026
CVE-2026-42832
7.7 HIGH

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

May 12, 2026
CVE-2026-42831
7.8 HIGH

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-42825
7.0 HIGH

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-42141
7.7 HIGH

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side …

May 12, 2026
CVE-2026-41895
7.5 HIGH

changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates …

May 12, 2026
CVE-2026-41613
8.8 HIGH

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

May 12, 2026
CVE-2026-41611
7.8 HIGH

Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-41109
8.8 HIGH

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass …

May 12, 2026
CVE-2026-41107
7.4 HIGH

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

May 12, 2026
CVE-2026-41102
7.1 HIGH

Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

May 12, 2026
CVE-2026-41101
7.1 HIGH

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

May 12, 2026
CVE-2026-41095
7.8 HIGH

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-41094
8.8 HIGH

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

May 12, 2026
CVE-2026-41088
7.8 HIGH

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-41086
8.8 HIGH

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

May 12, 2026
CVE-2026-40420
8.8 HIGH

Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40419
7.8 HIGH

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40418
7.8 HIGH

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40417
7.8 HIGH

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40415
8.1 HIGH

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

May 12, 2026
CVE-2026-40414
7.4 HIGH

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

May 12, 2026
CVE-2026-40413
7.4 HIGH

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

May 12, 2026
CVE-2026-40410
7.0 HIGH

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40408
7.8 HIGH

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40407
7.8 HIGH

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40406
7.5 HIGH

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

May 12, 2026
CVE-2026-40405
7.5 HIGH

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.

May 12, 2026
CVE-2026-40403
8.8 HIGH

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

May 12, 2026
CVE-2026-40401
7.1 HIGH

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.

May 12, 2026
CVE-2026-40399
7.8 HIGH

Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40398
7.8 HIGH

Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40397
7.8 HIGH

Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40382
7.8 HIGH

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40381
7.8 HIGH

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40377
7.8 HIGH

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40370
8.8 HIGH

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

May 12, 2026
CVE-2026-40369
7.8 HIGH

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40368
8.0 HIGH

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

May 12, 2026
CVE-2026-40367
8.4 HIGH

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40366
8.4 HIGH

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40365
8.8 HIGH

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

May 12, 2026
CVE-2026-40364
8.4 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40363
8.4 HIGH

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40362
7.8 HIGH

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40361
8.4 HIGH

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40360
7.8 HIGH

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

May 12, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.