Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.8 HIGH
CVE-2026-54986 — Windows Win32k Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Win32K allows an authorized attacker to elevate privileges locally.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.5 HIGH
CVE-2026-54983 — Windows Active Directory Federation Services Denial of Service Vulnerability

Stack-based buffer overflow in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.8 HIGH
CVE-2026-54982 — Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

Integer underflow (wrap or wraparound) in Reliable Multicast Transport Driver (RMCAST) allows an unauthorized attacker to execute code over an adjacent network.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.2 HIGH
CVE-2026-54433 — Roundcube Webmail Stored Cross-Site Scripting Vulnerability

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, there is Stored Cross-Site Scripting (XSS) via a crafted plain-text email message. The attacker-controlled JavaScript executes within the vi…

webmail | Remote | Cross-Site Scripting
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
4.7 MEDIUM
CVE-2026-54432 — Roundcube Webmail Stored Cross-Site Scripting Vulnerability

Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2 allows Stored Cross-Site Scripting (XSS). The issue occurs because the attachment MIME type is not properly escaped on the attachment-validation…

webmail | Remote | Cross-Site Scripting
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
6.8 MEDIUM
CVE-2026-54132 — Windows Kernel Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Kernel allows an unauthorized attacker to elevate privileges with a physical attack.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.0 HIGH
CVE-2026-54129 — Windows Hyper-V Elevation of Privilege Vulnerability

Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.4 HIGH
CVE-2026-54127 — Windows Hyper-V Elevation of Privilege Vulnerability

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.4 HIGH
CVE-2026-54122 — Windows GDI+ Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code locally.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.5 HIGH
CVE-2026-54119 — Windows Active Directory Denial of Service Vulnerability

Loop with unreachable exit condition ('infinite loop') in Windows Active Directory allows an unauthorized attacker to deny service over a network.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.8 HIGH
CVE-2026-54118 — Microsoft SQL Server Remote Code Execution Vulnerability

Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.8 HIGH
CVE-2026-54117 — Microsoft SQL Server Remote Code Execution Vulnerability

Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.8 HIGH
CVE-2026-54114 — Windows Win32k Elevation of Privilege Vulnerability

Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.8 HIGH
CVE-2026-54112 — Windows Win32k Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.0 HIGH
CVE-2026-54111 — Universal Print Management Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.8 HIGH
CVE-2026-54109 — Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

Integer overflow or wraparound in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
6.5 MEDIUM
CVE-2026-54108 — Microsoft SharePoint Server Spoofing Vulnerability

External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.8 HIGH
CVE-2026-54107 — Windows Win32k Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.3 HIGH
CVE-2026-54058 — Pillow: Out-of-bounds read via attacker-controlled row stride on Pillow's mmap path (McId…

Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a ro…

Remote | Memory Corruption
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.8 HIGH
CVE-2026-50697 — Windows Common Log File System Driver Elevation of Privilege Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
Showing 20 of 7746 Results