Export limit exceeded: 345004 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9077 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36633 | 2 Microsoft, Tenable | 2 Windows, Nessus Agent | 2026-02-26 | 8.8 High |
| In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation. | ||||
| CVE-2025-50069 | 1 Oracle | 2 Database - Java Vm, Java Virtual Machine | 2026-02-26 | 7.7 High |
| Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 21.3-21.18. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). | ||||
| CVE-2025-6177 | 1 Google | 1 Chrome Os | 2026-02-26 | 7.4 High |
| Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP). | ||||
| CVE-2025-53024 | 1 Oracle | 1 Vm Virtualbox | 2026-02-26 | 8.2 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2025-53025 | 1 Oracle | 1 Vm Virtualbox | 2026-02-26 | 6 Medium |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | ||||
| CVE-2025-4879 | 1 Citrix | 1 Workspace | 2026-02-26 | 7.8 High |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | ||||
| CVE-2025-53027 | 1 Oracle | 1 Vm Virtualbox | 2026-02-26 | 8.2 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2025-0320 | 2 Citrix, Microsoft | 2 Secure Access Client, Windows | 2026-02-26 | 7.8 High |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows | ||||
| CVE-2025-53030 | 1 Oracle | 1 Vm Virtualbox | 2026-02-26 | 6 Medium |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | ||||
| CVE-2025-20282 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Passive Identity Connector | 2026-02-26 | 10 Critical |
| A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system. | ||||
| CVE-2025-22165 | 1 Atlassian | 1 Sourcetree | 2026-02-26 | 7.3 High |
| This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE (Arbitrary Code Execution) vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Sourcetree for Mac users upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://www.sourcetreeapp.com/download-archives . You can download the latest version of Sourcetree for Mac from the download center https://www.sourcetreeapp.com/download-archives . This vulnerability was found through the Atlassian Bug Bounty Program by Karol Mazurek (AFINE). | ||||
| CVE-2025-26513 | 1 Netapp | 2 San Host Utilities, Windows Host Utilities | 2026-02-26 | 7 High |
| The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges. | ||||
| CVE-2025-42936 | 1 Sap | 2 Netweaver Application Server For Abap, Sap Basis | 2026-02-26 | 5.4 Medium |
| The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impact on the confidentiality and integrity of the application, there is no impact on availability. | ||||
| CVE-2025-36890 | 1 Google | 1 Android | 2026-02-26 | 9.8 Critical |
| Elevation of Privilege | ||||
| CVE-2025-36891 | 1 Google | 1 Android | 2026-02-26 | 8.8 High |
| Elevation of privilege | ||||
| CVE-2025-36896 | 1 Google | 1 Android | 2026-02-26 | 9.8 Critical |
| WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106. | ||||
| CVE-2025-36901 | 1 Google | 2 Android, Pixel | 2026-02-26 | 8.8 High |
| WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223. | ||||
| CVE-2025-36904 | 1 Google | 1 Android | 2026-02-26 | 9.8 Critical |
| WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384. | ||||
| CVE-2025-26425 | 1 Google | 1 Android | 2026-02-26 | 4 Medium |
| In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege on versions of Android where android.permission.MANAGE_DEFAULT_APPLICATIONS was not defined with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-26435 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||