Export limit exceeded: 10202 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364488 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364488 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54106 | 1 Microsoft | 8 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 5 more | 2026-02-26 | 8.8 High |
| Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-49557 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-02-26 | 8.7 High |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed. | ||||
| CVE-2025-54896 | 1 Microsoft | 15 365, 365 Apps, Excel and 12 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54897 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-02-26 | 8.8 High |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-25256 | 1 Fortinet | 1 Fortisiem | 2026-02-26 | 9.8 Critical |
| An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests. | ||||
| CVE-2025-54898 | 1 Microsoft | 15 365, 365 Apps, Excel and 12 more | 2026-02-26 | 7.8 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-32766 | 1 Fortinet | 1 Fortiweb | 2026-02-26 | 6.3 Medium |
| A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands | ||||
| CVE-2025-54899 | 1 Microsoft | 15 365, 365 Apps, Excel and 12 more | 2026-02-26 | 7.8 High |
| Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-49813 | 1 Fortinet | 1 Fortiadc | 2026-02-26 | 6.6 Medium |
| An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters. | ||||
| CVE-2025-54902 | 1 Microsoft | 15 365, 365 Apps, Excel and 12 more | 2026-02-26 | 7.8 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54904 | 1 Microsoft | 15 365, 365 Apps, Excel and 12 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54906 | 1 Microsoft | 12 365 Apps, Office, Office 2016 and 9 more | 2026-02-26 | 7.8 High |
| Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2023-45584 | 1 Fortinet | 3 Fortios, Fortipam, Fortiproxy | 2026-02-26 | 6.3 Medium |
| A double free vulnerability [CWE-415] vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.1, FortiProxy 7.2.0 through 7.2.7, FortiProxy 7.0.0 through 7.0.13 allows a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests. | ||||
| CVE-2025-54908 | 1 Microsoft | 10 365 Apps, Apps, Office and 7 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54919 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-02-26 | 7.5 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | ||||
| CVE-2025-27759 | 1 Fortinet | 1 Fortiweb | 2026-02-26 | 6.7 Medium |
| An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI commands | ||||
| CVE-2025-55223 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47857 | 1 Fortinet | 1 Fortiweb | 2026-02-26 | 6.5 Medium |
| A improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via crafted CLI commands. | ||||
| CVE-2025-55228 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 21h2 and 15 more | 2026-02-26 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | ||||
| CVE-2025-49560 | 1 Adobe | 1 Substance 3d Viewer | 2026-02-26 | 7.8 High |
| Substance3D - Viewer versions 0.25 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||