Export limit exceeded: 15487 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11494 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53791 | 1 Microsoft | 1 Edge Chromium | 2026-02-20 | 4.7 Medium |
| Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-33056 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-20 | 7.5 High |
| Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-54116 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-20 | 7.3 High |
| Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-32722 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-02-20 | 5.5 Medium |
| Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-32714 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-20 | 7.8 High |
| Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54918 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2026-02-20 | 8.8 High |
| Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-70866 | 1 Lavalite | 2 Cms, Lavalite | 2026-02-19 | 8.8 High |
| LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges (User role) can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider without role-based access control verification. | ||||
| CVE-2025-61879 | 1 Infoblox | 1 Nios | 2026-02-19 | 7.7 High |
| In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism. | ||||
| CVE-2023-29130 | 1 Siemens | 1 Simatic Cn 4100 Firmware | 2026-02-18 | 9.9 Critical |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control. | ||||
| CVE-2025-14714 | 3 Apple, Libreoffice, The Document Foundation | 3 Macos, Libreoffice, Libreoffice | 2026-02-18 | 6.5 Medium |
| An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle By executing the bundled interpreter directly the attacker's scripts run with the application's TCC privileges In fixed versions parent-constraints are used to allow only the main application to launch interpreter with those permissions This issue affects LibreOffice on macOS: from 25.2 before < 25.2.4. | ||||
| CVE-2024-50617 | 1 Cipplanner | 1 Cipace | 2026-02-13 | 7.5 High |
| Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. (Retrieval is not intended without correct data access configured for documents.) | ||||
| CVE-2025-68707 | 1 Tycc | 2 Tongyu Ax1800, Tongyu Ax1800 Firmware | 2026-02-13 | 8.8 High |
| An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise of the device (i.e., via unauthenticated access to /boaform/formSaveConfig and /boaform/admin endpoints). | ||||
| CVE-2019-12749 | 3 Canonical, Freedesktop, Redhat | 5 Ubuntu Linux, Dbus, Enterprise Linux and 2 more | 2026-02-13 | 7.1 High |
| dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. | ||||
| CVE-2025-21185 | 1 Microsoft | 1 Edge Chromium | 2026-02-13 | 6.5 Medium |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||||
| CVE-2025-21380 | 1 Microsoft | 2 Azure Marketplace, Marketplace Saas | 2026-02-13 | 8.8 High |
| Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-21340 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-02-13 | 5.5 Medium |
| Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | ||||
| CVE-2025-21275 | 1 Microsoft | 14 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 11 more | 2026-02-13 | 7.8 High |
| Windows App Package Installer Elevation of Privilege Vulnerability | ||||
| CVE-2025-21213 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-02-13 | 4.6 Medium |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2025-21202 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-13 | 6.1 Medium |
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability | ||||
| CVE-2025-21405 | 1 Microsoft | 1 Visual Studio 2022 | 2026-02-13 | 7.3 High |
| Visual Studio Elevation of Privilege Vulnerability | ||||