Export limit exceeded: 335034 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335034 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46430 | 1 Dell | 1 Display And Peripheral Manager | 2026-02-26 | 7.3 High |
| Dell Display and Peripheral Manager, versions prior to 2.1.2.12, contains an Execution with Unnecessary Privileges vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2025-58731 | 1 Microsoft | 15 Windows, Windows 11, Windows 11 22h2 and 12 more | 2026-02-26 | 7 High |
| Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-43079 | 2 Linux, Qualys | 3 Linux, Cloud Agent, Cloud Agent For Linux | 2026-02-26 | 6.3 Medium |
| The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileges (e.g., via sudo) in an environment where $PATH has been manipulated, an attacker with root/sudo privileges could cause malicious executables to be run in place of the intended system binaries. This behavior can be leveraged for local privilege escalation and arbitrary command execution under elevated privileges. | ||||
| CVE-2025-58733 | 1 Microsoft | 32 Windows, Windows 10, Windows 10 1507 and 29 more | 2026-02-26 | 7 High |
| Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-12967 | 1 Amazon | 2 Aurora, Rds | 2026-02-26 | 8 High |
| An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. We recommend customers upgrade to the following versions: AWS JDBC Wrapper to v2.6.5, AWS Go Wrapper to 2025-10-17, AWS NodeJS Wrapper to v2.0.1, AWS Python Wrapper to v1.4.0 and AWS PGSQL ODBC driver to v1.0.1 | ||||
| CVE-2025-58734 | 1 Microsoft | 24 Windows, Windows 10 1507, Windows 10 1607 and 21 more | 2026-02-26 | 7 High |
| Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-12428 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-58736 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2026-02-26 | 7 High |
| Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-12429 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-58737 | 1 Microsoft | 11 Remote Desktop, Windows, Windows Server and 8 more | 2026-02-26 | 7 High |
| Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-12432 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-58738 | 1 Microsoft | 23 Windows, Windows 10, Windows 10 1507 and 20 more | 2026-02-26 | 7 High |
| Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-12437 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 7.5 High |
| Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-59192 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2026-02-26 | 7.8 High |
| Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-12438 | 2 Google, Linux | 3 Chrome, Chrome Os, Linux Kernel | 2026-02-26 | 8.8 High |
| Use after free in Ozone in Google Chrome on Linux and ChromeOS prior to 142.0.7444.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-59193 | 1 Microsoft | 23 Services, Windows, Windows 10 and 20 more | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-12725 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2026-02-26 | 8.8 High |
| Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-59213 | 1 Microsoft | 4 Configuration Manager, Configuration Manager 2403, Configuration Manager 2409 and 1 more | 2026-02-26 | 8.8 High |
| Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network. | ||||
| CVE-2025-12726 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-02-26 | 7.5 High |
| Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-59221 | 1 Microsoft | 15 365, 365 Apps, Office and 12 more | 2026-02-26 | 7 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||