Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2026-26149
CRITICAL CVSS 9.0
Find Similar
Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network.
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.
Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-42898
CRITICAL CVSS 9.9
Find Similar
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
CVE-2026-42833
CRITICAL CVSS 9.1
Find Similar
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.
CVE-2026-23652
CRITICAL CVSS 9.8
Find Similar
Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.
CVE-2026-42823
CRITICAL CVSS 9.9
Find Similar
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-47647
CRITICAL CVSS 9.9
Find Similar
Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.
Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.
Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.
Page 1+ Next →