Export limit exceeded: 367154 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367154 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59246 | 1 Microsoft | 2 Entra Id, Microsoft Entra Id | 2026-02-26 | 9.8 Critical |
| Azure Entra ID Elevation of Privilege Vulnerability | ||||
| CVE-2025-7691 | 1 Gitlab | 1 Gitlab | 2026-02-26 | 6.5 Medium |
| A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access to additional system capabilities. | ||||
| CVE-2025-55321 | 1 Microsoft | 1 Azure Monitor | 2026-02-26 | 9.3 Critical |
| Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-59252 | 1 Microsoft | 3 365, 365 Copilot, 365 Word Copilot | 2026-02-26 | 9.3 Critical |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-59271 | 1 Microsoft | 3 Azure Cache For Redis, Azure Cache For Redis Enterprise, Azure Managed Redis | 2026-02-26 | 8.7 High |
| Redis Enterprise Elevation of Privilege Vulnerability | ||||
| CVE-2025-41244 | 4 Debian, Linux, Microsoft and 1 more | 10 Debian Linux, Linux Kernel, Windows and 7 more | 2026-02-26 | 7.8 High |
| VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM. | ||||
| CVE-2025-25010 | 1 Elastic | 1 Kibana | 2026-02-26 | 6.5 Medium |
| Incorrect authorization in Kibana can lead to privilege escalation via the built-in reporting_user role which incorrectly has the ability to access all Kibana Spaces. | ||||
| CVE-2025-59272 | 1 Microsoft | 4 365, 365 Copilot, 365 Copilot Business Chat and 1 more | 2026-02-26 | 9.3 Critical |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosure locally. | ||||
| CVE-2025-59286 | 1 Microsoft | 4 365, 365 Copilot, 365 Copilot Business Chat and 1 more | 2026-02-26 | 9.3 Critical |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-57819 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2026-02-26 | 9.8 Critical |
| FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3. | ||||
| CVE-2025-21044 | 1 Samsung | 1 Android | 2026-02-26 | 5.7 Medium |
| Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2025-58334 | 1 Jetbrains | 1 Ide Services | 2026-02-26 | 8.1 High |
| In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves | ||||
| CVE-2025-34196 | 2 Microsoft, Vasion | 4 Windows, Print Application, Virtual Appliance Application and 1 more | 2026-02-26 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 (Windows client deployments) contain a hardcoded private key for the PrinterLogic Certificate Authority (CA) and a hardcoded password in product configuration files. The Windows client ships the CA certificate and its associated private key (and other sensitive settings such as a configured password) directly in shipped configuration files (for example clientsettings.dat and defaults.ini). An attacker who obtains these files can impersonate the CA, sign arbitrary certificates trusted by the Windows client, intercept or decrypt TLS-protected communications, and otherwise perform man-in-the-middle or impersonation attacks against the product's network communications. This vulnerability has been identified by the vendor as: V-2022-001 — Configuration File Contains CA & Private Key. | ||||
| CVE-2025-21048 | 1 Samsung | 2 Android, Mobile Devices | 2026-02-26 | 6.7 Medium |
| Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code. | ||||
| CVE-2025-45376 | 1 Dell | 1 Repository Manager | 2026-02-26 | 7.5 High |
| Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2025-21062 | 1 Samsung | 1 Smart Switch | 2026-02-26 | 7.8 High |
| Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability. | ||||
| CVE-2025-21064 | 1 Samsung | 1 Smart Switch | 2026-02-26 | 8.8 High |
| Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data. | ||||
| CVE-2025-34212 | 1 Vasion | 2 Virtual Appliance Application, Virtual Appliance Host | 2026-02-26 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature validation, and grants the jenkins account NOPASSWD for mount/umount. Together these allow supply chain or man-in-the-middle compromise of the build pipeline, injection of malicious firmware, and remote code execution as root on the CI host. This vulnerability has been identified by the vendor as: V-2023-007 — Supply Chain Attack. | ||||
| CVE-2025-55177 | 3 Apple, Facebook, Whatsapp | 7 Ios, Macos, Facebook and 4 more | 2026-02-26 | 5.4 Medium |
| Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users. | ||||
| CVE-2025-25018 | 1 Elastic | 1 Kibana | 2026-02-26 | 8.7 High |
| Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS) | ||||