Search

Search Results (366625 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-11371 1 Gladinet 2 Centrestack, Triofox 2026-02-26 7.5 High
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.  This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560
CVE-2025-1862 1 Wso2 4 Enterprise Integrator, Identity Server, Identity Server As Key Manager and 1 more 2026-02-26 6.7 Medium
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a user-controlled location on the server. By leveraging this vulnerability, an attacker can upload a specially crafted payload and achieve remote code execution (RCE), potentially compromising the server and its data.
CVE-2025-59218 1 Microsoft 2 Entra Id, Microsoft Entra Id 2026-02-26 9.6 Critical
Azure Entra ID Elevation of Privilege Vulnerability
CVE-2025-10871 1 Gitlab 1 Gitlab 2026-02-26 3.8 Low
An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves elevated privileges.
CVE-2025-59246 1 Microsoft 2 Entra Id, Microsoft Entra Id 2026-02-26 9.8 Critical
Azure Entra ID Elevation of Privilege Vulnerability
CVE-2025-7691 1 Gitlab 1 Gitlab 2026-02-26 6.5 Medium
A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access to additional system capabilities.
CVE-2025-55321 1 Microsoft 1 Azure Monitor 2026-02-26 9.3 Critical
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59252 1 Microsoft 3 365, 365 Copilot, 365 Word Copilot 2026-02-26 9.3 Critical
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2025-59271 1 Microsoft 3 Azure Cache For Redis, Azure Cache For Redis Enterprise, Azure Managed Redis 2026-02-26 8.7 High
Redis Enterprise Elevation of Privilege Vulnerability
CVE-2025-41244 4 Debian, Linux, Microsoft and 1 more 10 Debian Linux, Linux Kernel, Windows and 7 more 2026-02-26 7.8 High
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
CVE-2025-25010 1 Elastic 1 Kibana 2026-02-26 6.5 Medium
Incorrect authorization in Kibana can lead to privilege escalation via the built-in reporting_user role which incorrectly has the ability to access all Kibana Spaces.
CVE-2025-59272 1 Microsoft 4 365, 365 Copilot, 365 Copilot Business Chat and 1 more 2026-02-26 9.3 Critical
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosure locally.
CVE-2025-59286 1 Microsoft 4 365, 365 Copilot, 365 Copilot Business Chat and 1 more 2026-02-26 9.3 Critical
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2025-57819 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2026-02-26 9.8 Critical
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
CVE-2025-21044 1 Samsung 1 Android 2026-02-26 5.7 Medium
Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVE-2025-58334 1 Jetbrains 1 Ide Services 2026-02-26 8.1 High
In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves
CVE-2025-34196 2 Microsoft, Vasion 4 Windows, Print Application, Virtual Appliance Application and 1 more 2026-02-26 9.8 Critical
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 (Windows client deployments) contain a hardcoded private key for the PrinterLogic Certificate Authority (CA) and a hardcoded password in product configuration files. The Windows client ships the CA certificate and its associated private key (and other sensitive settings such as a configured password) directly in shipped configuration files (for example clientsettings.dat and defaults.ini). An attacker who obtains these files can impersonate the CA, sign arbitrary certificates trusted by the Windows client, intercept or decrypt TLS-protected communications, and otherwise perform man-in-the-middle or impersonation attacks against the product's network communications. This vulnerability has been identified by the vendor as: V-2022-001 — Configuration File Contains CA & Private Key.
CVE-2025-21048 1 Samsung 2 Android, Mobile Devices 2026-02-26 6.7 Medium
Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code.
CVE-2025-45376 1 Dell 1 Repository Manager 2026-02-26 7.5 High
Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVE-2025-21062 1 Samsung 1 Smart Switch 2026-02-26 7.8 High
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability.