Export limit exceeded: 335648 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 74842 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74842 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9458 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2026-02-26 | 7.8 High |
| A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2025-55693 | 1 Microsoft | 8 Windows, Windows 11, Windows 11 24h2 and 5 more | 2026-02-26 | 7.4 High |
| Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-36186 | 1 Ibm | 1 Db2 | 2026-02-26 | 7.4 High |
| IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level. | ||||
| CVE-2025-55694 | 1 Microsoft | 10 Windows, Windows 11, Windows 11 24h2 and 7 more | 2026-02-26 | 7.8 High |
| Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-37736 | 1 Elastic | 1 Elastic Cloud Enterprise | 2026-02-26 | 8.8 High |
| Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts delete:/platform/configuration/security/service-accounts/{user_id} patch:/platform/configuration/security/service-accounts/{user_id} post:/platform/configuration/security/service-accounts/{user_id}/keys delete:/platform/configuration/security/service-accounts/{user_id}/keys/{api_key_id} patch:/user post:/users post:/users/auth/keys delete:/users/auth/keys delete:/users/auth/keys/_all delete:/users/auth/keys/{api_key_id} delete:/users/{user_id}/auth/keys delete:/users/{user_id}/auth/keys/{api_key_id} delete:/users/{user_name} patch:/users/{user_name} | ||||
| CVE-2025-55697 | 1 Microsoft | 7 Azure, Azure Local, Windows Server and 4 more | 2026-02-26 | 7.8 High |
| Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-12907 | 1 Google | 1 Chrome | 2026-02-26 | 8.8 High |
| Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. (Chromium security severity: Low) | ||||
| CVE-2025-58718 | 1 Microsoft | 35 Remote, Remote Desktop, Remote Desktop Client and 32 more | 2026-02-26 | 8.8 High |
| Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-64685 | 1 Jetbrains | 1 Youtrack | 2026-02-26 | 8.1 High |
| In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure | ||||
| CVE-2025-58720 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1809 and 19 more | 2026-02-26 | 7.8 High |
| Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-64456 | 1 Jetbrains | 1 Resharper | 2026-02-26 | 8.4 High |
| In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation | ||||
| CVE-2025-58724 | 1 Microsoft | 6 Arc Enabled Servers Azure Connected Machine Agent, Azure, Azure Agent and 3 more | 2026-02-26 | 7.8 High |
| Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58726 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2026-02-26 | 7.5 High |
| Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-58730 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2026-02-26 | 7 High |
| Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-46430 | 1 Dell | 1 Display And Peripheral Manager | 2026-02-26 | 7.3 High |
| Dell Display and Peripheral Manager, versions prior to 2.1.2.12, contains an Execution with Unnecessary Privileges vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2025-58731 | 1 Microsoft | 15 Windows, Windows 11, Windows 11 22h2 and 12 more | 2026-02-26 | 7 High |
| Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-58733 | 1 Microsoft | 32 Windows, Windows 10, Windows 10 1507 and 29 more | 2026-02-26 | 7 High |
| Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-12967 | 1 Amazon | 2 Aurora, Rds | 2026-02-26 | 8 High |
| An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. We recommend customers upgrade to the following versions: AWS JDBC Wrapper to v2.6.5, AWS Go Wrapper to 2025-10-17, AWS NodeJS Wrapper to v2.0.1, AWS Python Wrapper to v1.4.0 and AWS PGSQL ODBC driver to v1.0.1 | ||||
| CVE-2025-58734 | 1 Microsoft | 24 Windows, Windows 10 1507, Windows 10 1607 and 21 more | 2026-02-26 | 7 High |
| Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-12428 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | ||||