Search

Search Results (363984 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-23006 1 Sonicwall 15 Sma6200, Sma6200 Firmware, Sma6210 and 12 more 2026-02-26 9.8 Critical
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
CVE-2025-21349 1 Microsoft 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more 2026-02-26 6.8 Medium
Windows Remote Desktop Configuration Service Tampering Vulnerability
CVE-2025-0411 2 7-zip, Netapp 2 7-zip, Active Iq Unified Manager 2026-02-26 7.0 High
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.
CVE-2025-21359 1 Microsoft 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more 2026-02-26 7.8 High
Windows Kernel Security Feature Bypass Vulnerability
CVE-2025-21367 1 Microsoft 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more 2026-02-26 7.8 High
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2025-21371 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-26 8.8 High
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21415 1 Microsoft 1 Azure Ai Face Service 2026-02-26 9.9 Critical
Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.
CVE-2025-21386 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-02-26 7.8 High
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21396 1 Microsoft 2 Account, Micrososft Account 2026-02-26 8.2 High
Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-21387 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-02-26 7.8 High
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-55417 1 Thecontrolgroup 1 Voyager 2026-02-26 4.3 Medium
DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server.
CVE-2025-21390 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-02-26 7.8 High
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-22220 1 Vmware 2 Aria Operations For Logs, Cloud Foundation 2026-02-26 4.3 Medium
VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user.
CVE-2025-21392 1 Microsoft 9 365 Apps, Office, Office 2016 and 6 more 2026-02-26 7.8 High
Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21394 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-02-26 7.8 High
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21397 1 Microsoft 4 365 Apps, Office 2021, Office 2024 and 1 more 2026-02-26 7.8 High
Microsoft Office Remote Code Execution Vulnerability
CVE-2025-24042 1 Microsoft 2 Visual Studio Code, Vscode-js-debug 2026-02-26 7.3 High
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
CVE-2025-21384 1 Microsoft 1 Azure Health Bot 2026-02-26 8.3 High
An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
CVE-2025-0108 1 Paloaltonetworks 1 Pan-os 2026-02-26 9.1 Critical
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.
CVE-2025-0111 1 Paloaltonetworks 1 Pan-os 2026-02-26 6.5 Medium
An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.