Search

Search Results (363261 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-50153 1 Microsoft 25 Server, Windows, Windows 10 and 22 more 2026-02-13 7.8 High
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-49762 1 Microsoft 29 Windows, Windows 10, Windows 10 1507 and 26 more 2026-02-13 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-49759 1 Microsoft 6 Server, Sql Server, Sql Server 2016 and 3 more 2026-02-13 8.8 High
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-49743 1 Microsoft 29 Windows, Windows 10, Windows 10 1507 and 26 more 2026-02-13 6.7 Medium
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-53781 1 Microsoft 34 Dcadsv5 Series Azure Vm, Dcasv5 Series Azure Vm, Dcedsv5 Series Azure Vm and 31 more 2026-02-13 7.7 High
Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.
CVE-2025-53761 1 Microsoft 11 365, 365 Apps, Office and 8 more 2026-02-13 7.8 High
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2025-53760 1 Microsoft 4 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 1 more 2026-02-13 7.1 High
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
CVE-2025-53730 1 Microsoft 8 365, 365 Apps, Office and 5 more 2026-02-13 7.8 High
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
CVE-2025-53727 1 Microsoft 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more 2026-02-13 8.8 High
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-49758 1 Microsoft 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more 2026-02-13 8.8 High
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-49745 1 Microsoft 1 Dynamics 365 2026-02-13 5.4 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-49751 1 Microsoft 25 Hyper-v, Server, Windows and 22 more 2026-02-13 6.8 Medium
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
CVE-2025-51958 1 Aelsantex 1 Runcommand 2026-02-13 9.8 Critical
aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php.
CVE-2024-41355 1 Phpipam 1 Phpipam 2026-02-13 6.5 Medium
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php.
CVE-2023-4451 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2026-02-13 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
CVE-2023-0676 1 Phpipam 1 Phpipam 2026-02-13 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVE-2021-35438 1 Phpipam 1 Phpipam 2026-02-13 6.1 Medium
phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.
CVE-2018-15899 1 1234n 1 Minicms 2026-02-13 N/A
An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability.
CVE-2017-6541 1 Webpagetest Project 1 Webpagetest 2026-02-13 N/A
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagetest-master/www/benchmarks/viewtest.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-6537 1 Webpagetest Project 1 Webpagetest 2026-02-13 N/A
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (bgcolor) passed to the webpagetest-master/www/video/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.