Export limit exceeded: 10202 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364488 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364488 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-54106 1 Microsoft 8 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 5 more 2026-02-26 8.8 High
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49557 1 Adobe 3 Commerce, Commerce B2b, Magento 2026-02-26 8.7 High
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.
CVE-2025-54896 1 Microsoft 15 365, 365 Apps, Excel and 12 more 2026-02-26 7.8 High
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54897 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-02-26 8.8 High
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-25256 1 Fortinet 1 Fortisiem 2026-02-26 9.8 Critical
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.
CVE-2025-54898 1 Microsoft 15 365, 365 Apps, Excel and 12 more 2026-02-26 7.8 High
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-32766 1 Fortinet 1 Fortiweb 2026-02-26 6.3 Medium
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands
CVE-2025-54899 1 Microsoft 15 365, 365 Apps, Excel and 12 more 2026-02-26 7.8 High
Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-49813 1 Fortinet 1 Fortiadc 2026-02-26 6.6 Medium
An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters.
CVE-2025-54902 1 Microsoft 15 365, 365 Apps, Excel and 12 more 2026-02-26 7.8 High
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54904 1 Microsoft 15 365, 365 Apps, Excel and 12 more 2026-02-26 7.8 High
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54906 1 Microsoft 12 365 Apps, Office, Office 2016 and 9 more 2026-02-26 7.8 High
Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2023-45584 1 Fortinet 3 Fortios, Fortipam, Fortiproxy 2026-02-26 6.3 Medium
A double free vulnerability [CWE-415] vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.1, FortiProxy 7.2.0 through 7.2.7, FortiProxy 7.0.0 through 7.0.13 allows a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.
CVE-2025-54908 1 Microsoft 10 365 Apps, Apps, Office and 7 more 2026-02-26 7.8 High
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2025-54919 1 Microsoft 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more 2026-02-26 7.5 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2025-27759 1 Fortinet 1 Fortiweb 2026-02-26 6.7 Medium
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI commands
CVE-2025-55223 1 Microsoft 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more 2026-02-26 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-47857 1 Fortinet 1 Fortiweb 2026-02-26 6.5 Medium
A improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via crafted CLI commands.
CVE-2025-55228 1 Microsoft 18 Windows, Windows 10, Windows 10 21h2 and 15 more 2026-02-26 7.8 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2025-49560 1 Adobe 1 Substance 3d Viewer 2026-02-26 7.8 High
Substance3D - Viewer versions 0.25 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.