Search

Search Results (363821 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-25021 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2026-02-26 7.2 High
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code.
CVE-2025-49682 1 Microsoft 14 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 11 more 2026-02-26 7.3 High
Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2025-49685 1 Microsoft 13 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 10 more 2026-02-26 7 High
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
CVE-2025-20163 1 Cisco 2 Nexus Dashboard, Nexus Dashboard Fabric Controller 2026-02-26 8.7 High
A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials.
CVE-2025-49699 1 Microsoft 14 365 Apps, Office, Office 2019 and 11 more 2026-02-26 7 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-20275 1 Cisco 1 Unified Contact Center Express 2026-02-26 5.3 Medium
A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device.  This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading an authenticated, local user to open a crafted .aef file. A successful exploit could allow the attacker to execute arbitrary code on the host that is running the editor application with the privileges of the user who launched it.
CVE-2025-49700 1 Microsoft 8 365 Apps, Office, Office 2019 and 5 more 2026-02-26 7.8 High
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-20276 1 Cisco 1 Unified Contact Center Express 2026-02-26 3.8 Low
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.  This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by sending a crafted Java object to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.
CVE-2025-49703 1 Microsoft 13 365 Apps, Office, Office 2019 and 10 more 2026-02-26 7.8 High
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-20277 1 Cisco 1 Unified Contact Center Express 2026-02-26 3.4 Low
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper limitation of a pathname to a restricted directory (path traversal). An attacker could exploit this vulnerability by sending a crafted web request to an affected device, followed by a specific command through an SSH session. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.
CVE-2025-49706 1 Microsoft 4 Sharepoint Enterprise Server, Sharepoint Server, Sharepoint Server 2016 and 1 more 2026-02-26 6.5 Medium
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-27904 1 Ibm 2 Db2 Recovery Expert, Db2 Recovery Expert For Luw 2026-02-26 6.5 Medium
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2025-27903 1 Ibm 2 Db2 Recovery Expert, Db2 Recovery Expert For Luw 2026-02-26 5.9 Medium
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques.
CVE-2025-20278 1 Cisco 8 Finesse, Socialminer, Unified Communications Manager and 5 more 2026-02-26 6 Medium
A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
CVE-2025-49714 1 Microsoft 2 Python, Visual Studio Code 2026-02-26 7.8 High
Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally.
CVE-2025-47827 2 Igel, Microsoft 16 Igel Os, Windows 10 1507, Windows 10 1607 and 13 more 2026-02-26 4.6 Medium
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
CVE-2025-49727 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-26 7 High
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2025-43026 1 Hp 1 Support Assistant 2026-02-26 7.8 High
A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.
CVE-2025-49729 1 Microsoft 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more 2026-02-26 8.8 High
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-47966 1 Microsoft 2 Power Automate, Power Automate For Desktop 2026-02-26 9.8 Critical
Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network.