Export limit exceeded: 348038 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49707 | 1 Microsoft | 33 Dcadsv5 Series Azure Vm, Dcasv5 Series Azure Vm, Dcedsv5 Series Azure Vm and 30 more | 2026-02-26 | 7.9 High |
| Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. | ||||
| CVE-2025-54906 | 1 Microsoft | 12 365 Apps, Office, Office 2016 and 9 more | 2026-02-26 | 7.8 High |
| Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53800 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-02-26 | 7.8 High |
| No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-43728 | 1 Dell | 33 Latitude 3330, Latitude 3420, Latitude 3440 and 30 more | 2026-02-26 | 9.6 Critical |
| Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. | ||||
| CVE-2025-48628 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-68351 | 1 Linux | 1 Linux Kernel | 2026-02-26 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: exfat: fix refcount leak in exfat_find Fix refcount leaks in `exfat_find` related to `exfat_get_dentry_set`. Function `exfat_get_dentry_set` would increase the reference counter of `es->bh` on success. Therefore, `exfat_put_dentry_set` must be called after `exfat_get_dentry_set` to ensure refcount consistency. This patch relocate two checks to avoid possible leaks. | ||||
| CVE-2024-1709 | 1 Connectwise | 1 Screenconnect | 2026-02-26 | 10 Critical |
| ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. | ||||
| CVE-2023-24489 | 1 Citrix | 1 Sharefile Storage Zones Controller | 2026-02-26 | 9.8 Critical |
| A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. | ||||
| CVE-2023-23752 | 1 Joomla | 1 Joomla\! | 2026-02-26 | 5.3 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | ||||
| CVE-2023-4237 | 1 Redhat | 3 Ansible Automation Platform, Ansible Automation Platform Cloud Billing, Ansible Collection | 2026-02-25 | 7.3 High |
| A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability. | ||||
| CVE-2023-46813 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2026-02-25 | 7.0 High |
| An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it. | ||||
| CVE-2023-40151 | 1 Redlioncontrols | 12 St-ipm-6350, St-ipm-6350 Firmware, St-ipm-8460 and 9 more | 2026-02-25 | 10 Critical |
| When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge. | ||||
| CVE-2023-26303 | 1 Executablebooks | 1 Markdown-it-py | 2026-02-25 | 3.3 Low |
| Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input. | ||||
| CVE-2023-26302 | 1 Executablebooks | 1 Markdown-it-py | 2026-02-25 | 3.3 Low |
| Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input. | ||||
| CVE-2023-50706 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2026-02-25 | 4.1 Medium |
| A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens. | ||||
| CVE-2021-36934 | 1 Microsoft | 7 Windows 10 1809, Windows 10 1909, Windows 10 2004 and 4 more | 2026-02-25 | 7.8 High |
| <p>An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker must have the ability to execute code on a victim system to exploit this vulnerability.</p> <p>After installing this security update, you <em>must</em> manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerabilty. <strong>Simply installing this security update will not fully mitigate this vulnerability.</strong> See <a href="https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7">KB5005357- Delete Volume Shadow Copies</a>.</p> | ||||
| CVE-2022-27518 | 1 Citrix | 4 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 1 more | 2026-02-25 | 9.8 Critical |
| Unauthenticated remote arbitrary code execution | ||||
| CVE-2021-26029 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 5.3 Medium |
| An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field. | ||||
| CVE-2024-38886 | 1 Horizoncloud | 1 Caterease | 2026-02-24 | 9.8 Critical |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel. | ||||
| CVE-2025-21014 | 2 Samsung, Samsung Mobile | 2 Android, Samsung Mobile Devices | 2026-02-24 | 4.3 Medium |
| Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information. | ||||