Search

Search Results (364535 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-22433 1 Google 1 Android 2026-02-26 7.8 High
In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-26513 1 Netapp 2 San Host Utilities, Windows Host Utilities 2026-02-26 7 High
The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges.
CVE-2025-22434 1 Google 1 Android 2026-02-26 7.8 High
In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-53792 1 Microsoft 2 Azure, Azure Portal 2026-02-26 9.1 Critical
Azure Portal Elevation of Privilege Vulnerability
CVE-2025-22435 1 Google 1 Android 2026-02-26 9.8 Critical
In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-53767 1 Microsoft 3 Azure, Azure Open-ai, Azure Openai 2026-02-26 10 Critical
Azure OpenAI Elevation of Privilege Vulnerability
CVE-2025-22437 1 Google 1 Android 2026-02-26 7.8 High
In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-53774 1 Microsoft 4 365, 365 Copilot, 365 Copilot Business Chat and 1 more 2026-02-26 6.5 Medium
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
CVE-2025-22438 1 Google 1 Android 2026-02-26 7.8 High
In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-22439 1 Google 1 Android 2026-02-26 7.3 High
In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2025-53787 1 Microsoft 4 365, 365 Copilot, 365 Copilot Business Chat and 1 more 2026-02-26 8.2 High
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
CVE-2025-22442 1 Google 1 Android 2026-02-26 7 High
In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-26416 1 Google 1 Android 2026-02-26 9.8 Critical
In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48913 1 Apache 1 Cxf 2026-02-26 9.8 Critical
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.
CVE-2025-8088 3 Dtsearch, Microsoft, Rarlab 3 Dtsearch, Windows, Winrar 2026-02-26 8.8 High
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
CVE-2023-21475 1 Samsung 3 Android, Mobile, Samsung Mobile 2026-02-26 8 High
Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.
CVE-2023-21476 1 Samsung 3 Android, Mobile, Samsung Mobile 2026-02-26 8 High
Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.
CVE-2025-36119 1 Ibm 1 I 2026-02-26 7.1 High
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator.
CVE-2023-21477 1 Samsung 3 Android, Mobile, Samsung Mobile 2026-02-26 7.9 High
Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.
CVE-2025-8356 1 Xerox 1 Freeflow Core 2026-02-26 9.8 Critical
In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.