Total
335150 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21229 | 1 Microsoft | 1 Power Bi Report Server | 2026-02-26 | 8 High |
| Improper input validation in Power BI allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-21523 | 1 Microsoft | 1 Visual Studio Code | 2026-02-26 | 8 High |
| Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-23655 | 1 Microsoft | 3 Confidental Containers, Confidential Sidecar Containers, Microsoft Aci Confidential Containers | 2026-02-26 | 6.5 Medium |
| Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-21218 | 3 Apple, Linux, Microsoft | 4 Macos, Linux Kernel, .net and 1 more | 2026-02-26 | 7.5 High |
| Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-21236 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-02-26 | 7.8 High |
| Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21234 | 1 Microsoft | 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21235 | 1 Microsoft | 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more | 2026-02-26 | 7.3 High |
| Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21242 | 1 Microsoft | 19 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 16 more | 2026-02-26 | 7 High |
| Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21246 | 1 Microsoft | 28 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 25 more | 2026-02-26 | 7.8 High |
| Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21247 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-02-26 | 7.3 High |
| Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. | ||||
| CVE-2026-21248 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-02-26 | 7.3 High |
| Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. | ||||
| CVE-2026-21260 | 1 Microsoft | 11 365 Apps, Office, Office 2019 and 8 more | 2026-02-26 | 7.5 High |
| Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-21258 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-02-26 | 5.5 Medium |
| Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-21259 | 1 Microsoft | 9 365 Apps, Excel, Excel 2016 and 6 more | 2026-02-26 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-21512 | 1 Microsoft | 2 Azure Devops Server, Azure Devops Server 2022 | 2026-02-26 | 6.5 Medium |
| Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-21517 | 1 Microsoft | 2 Windows App, Windows App For Mac | 2026-02-26 | 4.7 Medium |
| Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21518 | 1 Microsoft | 1 Visual Studio Code | 2026-02-26 | 8.8 High |
| Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-21519 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-02-26 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2024-42056 | 1 Retool | 1 Retool | 2026-02-26 | 6.5 Medium |
| Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1. | ||||
| CVE-2022-45179 | 1 Liveboxcloud | 1 Vdesk | 2026-02-26 | 5.4 Medium |
| An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user (authenticated to the product) can store arbitrary HTML code in the reminder section title in order to corrupt the web page (for example, by creating phishing sections to exfiltrate victims' credentials). | ||||