Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11725 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11725 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22021 | 1 Veeam | 3 Availability Orchestrator, Disaster Recovery Orchestrator, Recovery Orchestrator | 2026-03-02 | 4.3 Medium |
| Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. | ||||
| CVE-2025-53786 | 1 Microsoft | 5 Exchange, Exchange Server, Exchange Server 2016 and 2 more | 2026-02-27 | 8 High |
| On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment. | ||||
| CVE-2026-1707 | 1 Pgadmin | 1 Pgadmin 4 | 2026-02-26 | 7.4 High |
| pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\unrestrict <key>`. This results in reliable command execution on the pgAdmin host during the restore operation. | ||||
| CVE-2025-70833 | 2 Lkw199711, Pocketmanga | 2 Smanga, Smanga | 2026-02-26 | 9.4 Critical |
| An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php. | ||||
| CVE-2025-64121 | 2 Nuvation Energy, Nuvationenergy | 6 Multi-stack Controller, Nplatform, Nuvmsc3-04s-c and 3 more | 2026-02-26 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Authentication Bypass.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1. | ||||
| CVE-2025-63409 | 2 Gcom, Gcomtw | 3 Epon 1ge C00r371v00b01, Gcom Epon 1ge, Gcom Epon 1ge Firmware | 2026-02-26 | 8.8 High |
| Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials. | ||||
| CVE-2025-69985 | 1 Frangoteam | 1 Fuxa | 2026-02-26 | 9.8 Critical |
| FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can bypass JWT authentication by spoofing the Referer header to match the server's host. Successful exploitation allows the attacker to access the protected /api/runscript endpoint and execute arbitrary Node.js code on the server. | ||||
| CVE-2024-53704 | 1 Sonicwall | 24 Nsa 2700, Nsa 3700, Nsa 4700 and 21 more | 2026-02-26 | 8.2 High |
| An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. | ||||
| CVE-2024-55591 | 1 Fortinet | 2 Fortios, Fortiproxy | 2026-02-26 | 9.6 Critical |
| An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. | ||||
| CVE-2021-22126 | 1 Fortinet | 1 Fortiwlc | 2026-02-26 | 6.5 Medium |
| A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password. | ||||
| CVE-2023-47539 | 1 Fortinet | 1 Fortimail | 2026-02-26 | 9 Critical |
| An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request. | ||||
| CVE-2025-21293 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-02-26 | 8.8 High |
| Active Directory Domain Services Elevation of Privilege Vulnerability | ||||
| CVE-2024-51459 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2026-02-26 | 8.4 High |
| IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions. | ||||
| CVE-2025-21348 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-02-26 | 7.2 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2025-2746 | 1 Kentico | 1 Xperience | 2026-02-26 | 9.8 Critical |
| An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.172. | ||||
| CVE-2025-2747 | 1 Kentico | 1 Xperience | 2026-02-26 | 9.8 Critical |
| An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.178. | ||||
| CVE-2024-58105 | 1 Trendmicro | 1 Apex One | 2026-02-26 | 7.3 High |
| A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2025-24418 | 1 Adobe | 1 Adobe Commerce | 2026-02-26 | 8.1 High |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-20229 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2026-02-26 | 8 High |
| In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks. | ||||
| CVE-2025-24411 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-02-26 | 8.1 High |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access affecting Confidentiality and Integrity. Exploitation of this issue does not require user interaction. | ||||