Export limit exceeded: 363262 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363262 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50154 | 1 Microsoft | 27 Windows, Windows 10 1507, Windows 10 1607 and 24 more | 2026-02-13 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-50153 | 1 Microsoft | 25 Server, Windows, Windows 10 and 22 more | 2026-02-13 | 7.8 High |
| Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49762 | 1 Microsoft | 29 Windows, Windows 10, Windows 10 1507 and 26 more | 2026-02-13 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49759 | 1 Microsoft | 6 Server, Sql Server, Sql Server 2016 and 3 more | 2026-02-13 | 8.8 High |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-49743 | 1 Microsoft | 29 Windows, Windows 10, Windows 10 1507 and 26 more | 2026-02-13 | 6.7 Medium |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53781 | 1 Microsoft | 34 Dcadsv5 Series Azure Vm, Dcasv5 Series Azure Vm, Dcedsv5 Series Azure Vm and 31 more | 2026-02-13 | 7.7 High |
| Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-53761 | 1 Microsoft | 11 365, 365 Apps, Office and 8 more | 2026-02-13 | 7.8 High |
| Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53760 | 1 Microsoft | 4 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 1 more | 2026-02-13 | 7.1 High |
| Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-53730 | 1 Microsoft | 8 365, 365 Apps, Office and 5 more | 2026-02-13 | 7.8 High |
| Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53727 | 1 Microsoft | 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more | 2026-02-13 | 8.8 High |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-49758 | 1 Microsoft | 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more | 2026-02-13 | 8.8 High |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-49745 | 1 Microsoft | 1 Dynamics 365 | 2026-02-13 | 5.4 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-49751 | 1 Microsoft | 25 Hyper-v, Server, Windows and 22 more | 2026-02-13 | 6.8 Medium |
| Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. | ||||
| CVE-2025-51958 | 1 Aelsantex | 1 Runcommand | 2026-02-13 | 9.8 Critical |
| aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php. | ||||
| CVE-2024-41355 | 1 Phpipam | 1 Phpipam | 2026-02-13 | 6.5 Medium |
| phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php. | ||||
| CVE-2023-4451 | 2 Agentejo, Cockpit-hq | 2 Cockpit, Cockpit | 2026-02-13 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. | ||||
| CVE-2023-0676 | 1 Phpipam | 1 Phpipam | 2026-02-13 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. | ||||
| CVE-2021-35438 | 1 Phpipam | 1 Phpipam | 2026-02-13 | 6.1 Medium |
| phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator. | ||||
| CVE-2018-15899 | 1 1234n | 1 Minicms | 2026-02-13 | N/A |
| An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability. | ||||
| CVE-2017-6541 | 1 Webpagetest Project | 1 Webpagetest | 2026-02-13 | N/A |
| Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagetest-master/www/benchmarks/viewtest.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||