Export limit exceeded: 335279 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74723 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22434 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22437 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22438 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22439 | 1 Google | 1 Android | 2026-02-26 | 7.3 High |
| In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-53787 | 1 Microsoft | 4 365, 365 Copilot, 365 Copilot Business Chat and 1 more | 2026-02-26 | 8.2 High |
| Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | ||||
| CVE-2025-22442 | 1 Google | 1 Android | 2026-02-26 | 7 High |
| In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-8088 | 3 Dtsearch, Microsoft, Rarlab | 3 Dtsearch, Windows, Winrar | 2026-02-26 | 8.8 High |
| A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. | ||||
| CVE-2023-21475 | 1 Samsung | 3 Android, Mobile, Samsung Mobile | 2026-02-26 | 8 High |
| Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code. | ||||
| CVE-2023-21476 | 1 Samsung | 3 Android, Mobile, Samsung Mobile | 2026-02-26 | 8 High |
| Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code. | ||||
| CVE-2025-36119 | 1 Ibm | 1 I | 2026-02-26 | 7.1 High |
| IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator. | ||||
| CVE-2023-21477 | 1 Samsung | 3 Android, Mobile, Samsung Mobile | 2026-02-26 | 7.9 High |
| Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data. | ||||
| CVE-2025-8747 | 1 Keras | 1 Keras | 2026-02-26 | 7.8 High |
| A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive. | ||||
| CVE-2025-9817 | 1 Wireshark | 1 Wireshark | 2026-02-26 | 7.8 High |
| SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service | ||||
| CVE-2025-9866 | 1 Google | 1 Chrome | 2026-02-26 | 8.8 High |
| Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-42951 | 1 Sap | 1 Business One | 2026-02-26 | 8.8 High |
| Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API.�As a result , it has a high impact on the confidentiality, integrity, and availability of the application. | ||||
| CVE-2025-36891 | 1 Google | 1 Android | 2026-02-26 | 8.8 High |
| Elevation of privilege | ||||
| CVE-2025-36898 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36899 | 1 Google | 1 Android | 2026-02-26 | 8.4 High |
| There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-8296 | 1 Ivanti | 1 Avalanche | 2026-02-26 | 7.2 High |
| SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution | ||||
| CVE-2025-8297 | 1 Ivanti | 1 Avalanche | 2026-02-26 | 7.2 High |
| Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution | ||||