Export limit exceeded: 363618 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363618 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363618 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-25010 1 Elastic 1 Kibana 2026-02-26 6.5 Medium
Incorrect authorization in Kibana can lead to privilege escalation via the built-in reporting_user role which incorrectly has the ability to access all Kibana Spaces.
CVE-2025-59272 1 Microsoft 4 365, 365 Copilot, 365 Copilot Business Chat and 1 more 2026-02-26 9.3 Critical
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosure locally.
CVE-2025-59286 1 Microsoft 4 365, 365 Copilot, 365 Copilot Business Chat and 1 more 2026-02-26 9.3 Critical
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2025-57819 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2026-02-26 9.8 Critical
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
CVE-2025-21044 1 Samsung 1 Android 2026-02-26 5.7 Medium
Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVE-2025-58334 1 Jetbrains 1 Ide Services 2026-02-26 8.1 High
In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves
CVE-2025-34196 2 Microsoft, Vasion 4 Windows, Print Application, Virtual Appliance Application and 1 more 2026-02-26 9.8 Critical
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 (Windows client deployments) contain a hardcoded private key for the PrinterLogic Certificate Authority (CA) and a hardcoded password in product configuration files. The Windows client ships the CA certificate and its associated private key (and other sensitive settings such as a configured password) directly in shipped configuration files (for example clientsettings.dat and defaults.ini). An attacker who obtains these files can impersonate the CA, sign arbitrary certificates trusted by the Windows client, intercept or decrypt TLS-protected communications, and otherwise perform man-in-the-middle or impersonation attacks against the product's network communications. This vulnerability has been identified by the vendor as: V-2022-001 — Configuration File Contains CA & Private Key.
CVE-2025-21048 1 Samsung 2 Android, Mobile Devices 2026-02-26 6.7 Medium
Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code.
CVE-2025-45376 1 Dell 1 Repository Manager 2026-02-26 7.5 High
Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVE-2025-21062 1 Samsung 1 Smart Switch 2026-02-26 7.8 High
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability.
CVE-2025-21064 1 Samsung 1 Smart Switch 2026-02-26 8.8 High
Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data.
CVE-2025-34212 1 Vasion 2 Virtual Appliance Application, Virtual Appliance Host 2026-02-26 9.8 Critical
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature validation, and grants the jenkins account NOPASSWD for mount/umount. Together these allow supply chain or man-in-the-middle compromise of the build pipeline, injection of malicious firmware, and remote code execution as root on the CI host. This vulnerability has been identified by the vendor as: V-2023-007 — Supply Chain Attack.
CVE-2025-55177 3 Apple, Facebook, Whatsapp 7 Ios, Macos, Facebook and 4 more 2026-02-26 5.4 Medium
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
CVE-2025-25018 1 Elastic 1 Kibana 2026-02-26 8.7 High
Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS)
CVE-2025-36245 1 Ibm 1 Infosphere Information Server 2026-02-26 8.8 High
IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.
CVE-2025-30264 1 Qnap 2 Qts, Quts Hero 2026-02-26 8.8 High
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
CVE-2025-52856 1 Qnap 1 Qvr 2026-02-26 9.8 Critical
An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: VioStor 5.1.6 build 20250621 and later
CVE-2025-9377 1 Tp-link 6 Archer C7, Archer C7 Firmware, Tl-wr841n and 3 more 2026-02-26 7.2 High
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It's recommending to purchase the new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es).
CVE-2025-61884 1 Oracle 1 Configurator 2026-02-26 7.5 High
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2025-6033 1 Ni 1 Circuit Design Suite 2026-02-26 7.8 High
There is a memory corruption vulnerability due to an out of bounds write in XML_Serialize() when using SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.1 and prior versions.