Export limit exceeded: 364930 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364930 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-50159 1 Microsoft 26 Windows, Windows 10, Windows 10 1507 and 23 more 2026-02-13 7.3 High
Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally.
CVE-2025-50158 1 Microsoft 27 Windows, Windows 10 1507, Windows 10 1607 and 24 more 2026-02-13 7 High
Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.
CVE-2025-50156 1 Microsoft 16 Server, Windows, Windows 2008 and 13 more 2026-02-13 5.7 Medium
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
CVE-2025-50154 1 Microsoft 27 Windows, Windows 10 1507, Windows 10 1607 and 24 more 2026-02-13 6.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-50153 1 Microsoft 25 Server, Windows, Windows 10 and 22 more 2026-02-13 7.8 High
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-49762 1 Microsoft 29 Windows, Windows 10, Windows 10 1507 and 26 more 2026-02-13 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-49759 1 Microsoft 6 Server, Sql Server, Sql Server 2016 and 3 more 2026-02-13 8.8 High
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-49743 1 Microsoft 29 Windows, Windows 10, Windows 10 1507 and 26 more 2026-02-13 6.7 Medium
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-53781 1 Microsoft 34 Dcadsv5 Series Azure Vm, Dcasv5 Series Azure Vm, Dcedsv5 Series Azure Vm and 31 more 2026-02-13 7.7 High
Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.
CVE-2025-53761 1 Microsoft 11 365, 365 Apps, Office and 8 more 2026-02-13 7.8 High
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2025-53760 1 Microsoft 4 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 1 more 2026-02-13 7.1 High
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
CVE-2025-53730 1 Microsoft 8 365, 365 Apps, Office and 5 more 2026-02-13 7.8 High
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
CVE-2025-53727 1 Microsoft 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more 2026-02-13 8.8 High
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-49758 1 Microsoft 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more 2026-02-13 8.8 High
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-49745 1 Microsoft 1 Dynamics 365 2026-02-13 5.4 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-49751 1 Microsoft 25 Hyper-v, Server, Windows and 22 more 2026-02-13 6.8 Medium
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
CVE-2025-51958 1 Aelsantex 1 Runcommand 2026-02-13 9.8 Critical
aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php.
CVE-2024-41355 1 Phpipam 1 Phpipam 2026-02-13 6.5 Medium
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php.
CVE-2023-4451 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2026-02-13 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
CVE-2023-0676 1 Phpipam 1 Phpipam 2026-02-13 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.