Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1592 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12480 | 1 Gladinet | 1 Triofox | 2026-02-26 | 9.1 Critical |
| Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete. | ||||
| CVE-2025-59230 | 1 Microsoft | 31 Remote, Windows, Windows 10 and 28 more | 2026-02-26 | 7.8 High |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59287 | 1 Microsoft | 12 Server, Server Service, Windows Server and 9 more | 2026-02-26 | 9.8 Critical |
| Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-55182 | 2 Facebook, Vercel | 5 React, React-server-dom-parcel, React-server-dom-turbopack and 2 more | 2026-02-26 | 10 Critical |
| A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints. | ||||
| CVE-2025-66644 | 1 Arraynetworks | 15 Ag1000, Ag1000t, Ag1000v5 and 12 more | 2026-02-26 | 7.2 High |
| Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025. | ||||
| CVE-2025-48572 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-61932 | 1 Motex | 1 Lanscope Endpoint Manager | 2026-02-26 | N/A |
| Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets. | ||||
| CVE-2025-61757 | 1 Oracle | 1 Identity Manager | 2026-02-26 | 9.8 Critical |
| Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2025-62215 | 1 Microsoft | 19 Windows 10, Windows 10 1809, Windows 10 21h2 and 16 more | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-48633 | 1 Google | 1 Android | 2026-02-26 | 5.5 Medium |
| In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-64446 | 1 Fortinet | 1 Fortiweb | 2026-02-26 | 9.4 Critical |
| A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. | ||||
| CVE-2025-13223 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-58034 | 1 Fortinet | 1 Fortiweb | 2026-02-26 | 6.7 Medium |
| An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands. | ||||
| CVE-2025-8110 | 1 Gogs | 1 Gogs | 2026-02-26 | 8.8 High |
| Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code. | ||||
| CVE-2025-14174 | 4 Apple, Google, Linux and 1 more | 11 Ipados, Iphone Os, Macos and 8 more | 2026-02-26 | 8.8 High |
| Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-14611 | 1 Gladinet | 2 Centrestack, Triofox | 2026-02-26 | 9.8 Critical |
| Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise. | ||||
| CVE-2025-37164 | 1 Hpe | 1 Oneview | 2026-02-26 | 10 Critical |
| A remote code execution issue exists in HPE OneView. | ||||
| CVE-2025-59374 | 1 Asus | 1 Live Update | 2026-02-26 | 9.8 Critical |
| "UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue. | ||||
| CVE-2025-20393 | 1 Cisco | 24 Asyncos, Secure Email, Secure Email And Web Manager and 21 more | 2026-02-26 | 10 Critical |
| A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. | ||||
| CVE-2025-68461 | 1 Roundcube | 1 Webmail | 2026-02-26 | 7.2 High |
| Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document. | ||||