Export limit exceeded: 366787 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366787 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366787 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-16856 | 1 Microsoft | 3 Visual Studio, Visual Studio 2017, Visual Studio 2019 | 2026-02-23 | 7.8 High |
| <p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p> <p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p> | ||||
| CVE-2020-16855 | 1 Microsoft | 1 Office | 2026-02-23 | 5.5 Medium |
| <p>An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.</p> <p>The security update addresses the vulnerability by properly initializing the affected variable.</p> | ||||
| CVE-2020-16854 | 1 Microsoft | 15 Windows 10, Windows 10 1507, Windows 10 1607 and 12 more | 2026-02-23 | 5.5 Medium |
| <p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.</p> | ||||
| CVE-2020-16853 | 1 Microsoft | 1 Onedrive | 2026-02-23 | 7.1 High |
| <p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete a targeted file with an elevated status.</p> <p>The update addresses this vulnerability by correcting where the OneDrive updater performs file writes while running with elevation.</p> | ||||
| CVE-2020-16852 | 1 Microsoft | 1 Onedrive | 2026-02-23 | 7.1 High |
| <p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete a targeted file with an elevated status.</p> <p>The update addresses this vulnerability by correcting where the OneDrive updater performs file writes while running with elevation.</p> | ||||
| CVE-2020-16851 | 1 Microsoft | 1 Onedrive | 2026-02-23 | 7.1 High |
| <p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete a targeted file with an elevated status.</p> <p>The update addresses this vulnerability by correcting where the OneDrive updater performs file writes while running with elevation.</p> | ||||
| CVE-2020-16228 | 1 Philips | 24 Intellivue Mp2-mp90, Intellivue Mp2-mp90 Firmware, Intellivue Mx100 and 21 more | 2026-02-23 | 6.4 Medium |
| In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate. | ||||
| CVE-2020-16224 | 1 Philips | 1 Patient Information Center Ix | 2026-02-23 | 6.5 Medium |
| In Patient Information Center iX (PICiX) Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart. | ||||
| CVE-2020-16222 | 1 Philips | 2 Patient Information Center Ix, Performancebridge Focal Point | 2026-02-23 | 8.8 High |
| In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | ||||
| CVE-2020-16220 | 1 Philips | 2 Patient Information Center Ix, Performancebridge Focal Point | 2026-02-23 | 4.3 Medium |
| In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling. | ||||
| CVE-2020-16218 | 1 Philips | 1 Patient Information Center Ix | 2026-02-23 | 3.5 Low |
| In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application. | ||||
| CVE-2020-16216 | 1 Philips | 24 Intellivue Mp2-mp90, Intellivue Mp2-mp90 Firmware, Intellivue Mx100 and 21 more | 2026-02-23 | 6.5 Medium |
| In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart. | ||||
| CVE-2020-16214 | 1 Philips | 1 Patient Information Center Ix | 2026-02-23 | 5.0 Medium |
| In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | ||||
| CVE-2020-14498 | 1 Hms-networks | 1 Ecatcher | 2026-02-23 | 9.6 Critical |
| HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2021-36343 | 1 Dell | 822 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 819 more | 2026-02-23 | 7.5 High |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | ||||
| CVE-2021-36342 | 1 Dell | 822 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 819 more | 2026-02-23 | 7.5 High |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | ||||
| CVE-2022-2290 | 1 Triliumnotes | 1 Trilium | 2026-02-23 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta. | ||||
| CVE-2025-70152 | 2 Code-projects, Fabian | 2 Scholars Tracking System, Scholars Tracking System | 2026-02-23 | 9.8 Critical |
| code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters (firstname, lastname, username, password, user_id) into SQL queries without validation or parameterization. | ||||
| CVE-2025-13455 | 1 Lenovo | 8 Thinkplus Fu100, Thinkplus Fu100 Firmware, Thinkplus Fu200 and 5 more | 2026-02-23 | 7.8 High |
| A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint. | ||||
| CVE-2025-70151 | 2 Code-projects, Fabian | 2 Scholars Tracking System, Scholars Tracking System | 2026-02-23 | 8.8 High |
| code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints update_profile_picture.php and upload_picture.php store uploaded files in a web-accessible uploads/ directory using the original, user-supplied filename without validating the file type or extension. By uploading a PHP file and then requesting it from /uploads/, an attacker can execute arbitrary PHP code as the web server user. | ||||