Export limit exceeded: 364491 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364491 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-53731 1 Microsoft 12 365, 365 Apps, Office and 9 more 2026-02-26 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-43722 1 Dell 1 Powerscale Onefs 2026-02-26 6.7 Medium
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper privilege management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
CVE-2025-53735 1 Microsoft 15 365, 365 Apps, Excel and 12 more 2026-02-26 7.8 High
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-53737 1 Microsoft 14 365, 365 Apps, Excel and 11 more 2026-02-26 7.8 High
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-53739 1 Microsoft 15 365, 365 Apps, Excel and 12 more 2026-02-26 7.8 High
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-50155 1 Microsoft 26 Server, Windows, Windows 10 1507 and 23 more 2026-02-26 7.8 High
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2025-53778 1 Microsoft 29 Windows, Windows 10, Windows 10 1507 and 26 more 2026-02-26 8.8 High
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
CVE-2025-53779 1 Microsoft 4 Server, Windows, Windows Server and 1 more 2026-02-26 7.2 High
Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
CVE-2025-53788 1 Microsoft 1 Windows Subsystem For Linux 2026-02-26 7 High
Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
CVE-2025-9712 1 Ivanti 1 Endpoint Manager 2026-02-26 8.8 High
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
CVE-2025-53789 1 Microsoft 23 Server, Windows, Windows 10 1507 and 20 more 2026-02-26 7.8 High
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally.
CVE-2025-9872 1 Ivanti 1 Endpoint Manager 2026-02-26 8.8 High
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
CVE-2025-48807 1 Microsoft 23 Hyper-v, Server, Windows and 20 more 2026-02-26 6.7 Medium
Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2025-55145 1 Ivanti 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more 2026-02-26 8.9 High
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker to hijack existing HTML5 connections.
CVE-2025-49707 1 Microsoft 33 Dcadsv5 Series Azure Vm, Dcasv5 Series Azure Vm, Dcedsv5 Series Azure Vm and 30 more 2026-02-26 7.9 High
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.
CVE-2025-55147 1 Ivanti 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more 2026-02-26 8.8 High
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user. User interaction is required
CVE-2025-55141 1 Ivanti 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more 2026-02-26 8.8 High
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.
CVE-2025-55142 1 Ivanti 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more 2026-02-26 8.8 High
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.
CVE-2025-49555 1 Adobe 3 Commerce, Commerce B2b, Magento 2026-02-26 8.1 High
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed.
CVE-2025-54252 1 Adobe 1 Experience Manager 2026-02-26 5.4 Medium
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. This could result in bypassing security features within the application. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.