Search

Search Results (364697 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-27038 1 Qualcomm 88 Ar8031, Ar8031 Firmware, Csra6620 and 85 more 2026-02-26 7.5 High
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
CVE-2025-49668 1 Microsoft 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more 2026-02-26 8.8 High
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-21479 1 Qualcomm 150 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 147 more 2026-02-26 8.6 High
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
CVE-2025-49669 1 Microsoft 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more 2026-02-26 8.8 High
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49673 1 Microsoft 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more 2026-02-26 8.8 High
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-36564 1 Dell 1 Encryption 2026-02-26 7.8 High
Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
CVE-2025-49675 1 Microsoft 27 Windows, Windows 10, Windows 10 1507 and 24 more 2026-02-26 7.8 High
Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-25022 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2026-02-26 9.6 Critical
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files.
CVE-2025-49678 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-26 7 High
Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2025-25021 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2026-02-26 7.2 High
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code.
CVE-2025-49682 1 Microsoft 14 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 11 more 2026-02-26 7.3 High
Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2025-49685 1 Microsoft 13 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 10 more 2026-02-26 7 High
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
CVE-2025-20163 1 Cisco 2 Nexus Dashboard, Nexus Dashboard Fabric Controller 2026-02-26 8.7 High
A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials.
CVE-2025-49699 1 Microsoft 14 365 Apps, Office, Office 2019 and 11 more 2026-02-26 7 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-20275 1 Cisco 1 Unified Contact Center Express 2026-02-26 5.3 Medium
A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device.  This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading an authenticated, local user to open a crafted .aef file. A successful exploit could allow the attacker to execute arbitrary code on the host that is running the editor application with the privileges of the user who launched it.
CVE-2025-49700 1 Microsoft 8 365 Apps, Office, Office 2019 and 5 more 2026-02-26 7.8 High
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-20276 1 Cisco 1 Unified Contact Center Express 2026-02-26 3.8 Low
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.  This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by sending a crafted Java object to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.
CVE-2025-49703 1 Microsoft 13 365 Apps, Office, Office 2019 and 10 more 2026-02-26 7.8 High
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-20277 1 Cisco 1 Unified Contact Center Express 2026-02-26 3.4 Low
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper limitation of a pathname to a restricted directory (path traversal). An attacker could exploit this vulnerability by sending a crafted web request to an affected device, followed by a specific command through an SSH session. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.
CVE-2025-49706 1 Microsoft 4 Sharepoint Enterprise Server, Sharepoint Server, Sharepoint Server 2016 and 1 more 2026-02-26 6.5 Medium
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.