Export limit exceeded: 74891 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74891 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11493 | 1 Connectwise | 1 Automate | 2026-02-26 | 8.8 High |
| The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by impersonating a legitimate server. This risk is mitigated when HTTPS is enforced and is related to CVE-2025-11492. | ||||
| CVE-2025-48565 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-60715 | 1 Microsoft | 28 Remote, Windows, Windows 10 and 25 more | 2026-02-26 | 8 High |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-48566 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-60716 | 1 Microsoft | 20 Directx, Windows 10, Windows 10 1809 and 17 more | 2026-02-26 | 7 High |
| Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-48572 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-60717 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1809 and 17 more | 2026-02-26 | 7 High |
| Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-48573 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-60718 | 1 Microsoft | 6 Windows, Windows 11, Windows 11 24h2 and 3 more | 2026-02-26 | 7.8 High |
| Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-8078 | 1 Zyxel | 21 Atp100, Atp100w, Atp200 and 18 more | 2026-02-26 | 7.2 High |
| A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on the affected device by passing a crafted string as an argument to a CLI command. | ||||
| CVE-2025-48575 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-60720 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1607 and 24 more | 2026-02-26 | 7.8 High |
| Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-9133 | 1 Zyxel | 21 Atp100, Atp100w, Atp200 and 18 more | 2026-02-26 | 8.1 High |
| A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker—who has completed only the first stage of the two-factor authentication (2FA) process—to view and download the system configuration from an affected device. | ||||
| CVE-2025-48580 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-9428 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2026-02-26 | 8.3 High |
| Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api. | ||||
| CVE-2025-48583 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In multiple functions of BaseBundle.java, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-62200 | 1 Microsoft | 10 365, 365 Apps, Excel and 7 more | 2026-02-26 | 7.8 High |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-10020 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2026-02-26 | 8.5 High |
| Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component. | ||||
| CVE-2025-48586 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-62201 | 1 Microsoft | 14 365, 365 Apps, Excel and 11 more | 2026-02-26 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||