Export limit exceeded: 335857 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74900 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48639 | 1 Google | 1 Android | 2026-02-26 | 7.3 High |
| In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-13042 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-48625 | 1 Google | 1 Android | 2026-02-26 | 7 High |
| In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-12100 | 1 Mongodb | 2 Connector For Bi, Mongodb | 2026-02-26 | 7.8 High |
| Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6. | ||||
| CVE-2025-10495 | 1 Lenovo | 5 App Store, Browser, Legion Zone and 2 more | 2026-02-26 | 7.5 High |
| A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code. | ||||
| CVE-2025-59500 | 1 Microsoft | 2 Azure, Azure Notification Service | 2026-02-26 | 7.7 High |
| Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59273 | 1 Microsoft | 3 Azure, Azure Event Grid, Azure Event Grid System | 2026-02-26 | 7.3 High |
| Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-46428 | 1 Dell | 1 Smartfabric Os10 | 2026-02-26 | 8.8 High |
| Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. | ||||
| CVE-2025-14322 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8 High |
| Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-46427 | 1 Dell | 1 Smartfabric Os10 | 2026-02-26 | 8.8 High |
| Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | ||||
| CVE-2025-14323 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8.8 High |
| Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-10680 | 1 Openvpn | 1 Openvpn | 2026-02-26 | 8.8 High |
| OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use | ||||
| CVE-2025-14328 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8.8 High |
| Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-14329 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8.8 High |
| Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-14333 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8.1 High |
| Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-64740 | 2 Microsoft, Zoom | 6 Windows, Workplace, Workplace App and 3 more | 2026-02-26 | 7.5 High |
| Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2025-64741 | 2 Google, Zoom | 5 Android, Meeting Software Development Kit, Workplace and 2 more | 2026-02-26 | 8.1 High |
| Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access. | ||||
| CVE-2025-13659 | 1 Ivanti | 1 Endpoint Manager | 2026-02-26 | 8.8 High |
| Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required. | ||||
| CVE-2025-13661 | 1 Ivanti | 1 Endpoint Manager | 2026-02-26 | 7.1 High |
| Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required. | ||||
| CVE-2025-62484 | 1 Zoom | 4 Meeting Software Development Kit, Workplace, Workplace App and 1 more | 2026-02-26 | 8.1 High |
| Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access. | ||||