Export limit exceeded: 11493 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11493 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69985 | 1 Frangoteam | 1 Fuxa | 2026-02-26 | 9.8 Critical |
| FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can bypass JWT authentication by spoofing the Referer header to match the server's host. Successful exploitation allows the attacker to access the protected /api/runscript endpoint and execute arbitrary Node.js code on the server. | ||||
| CVE-2024-53704 | 1 Sonicwall | 24 Nsa 2700, Nsa 3700, Nsa 4700 and 21 more | 2026-02-26 | 8.2 High |
| An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. | ||||
| CVE-2024-55591 | 1 Fortinet | 2 Fortios, Fortiproxy | 2026-02-26 | 9.6 Critical |
| An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. | ||||
| CVE-2021-22126 | 1 Fortinet | 1 Fortiwlc | 2026-02-26 | 6.5 Medium |
| A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password. | ||||
| CVE-2023-47539 | 1 Fortinet | 1 Fortimail | 2026-02-26 | 9 Critical |
| An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request. | ||||
| CVE-2025-21293 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-02-26 | 8.8 High |
| Active Directory Domain Services Elevation of Privilege Vulnerability | ||||
| CVE-2024-51459 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2026-02-26 | 8.4 High |
| IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions. | ||||
| CVE-2025-21348 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-02-26 | 7.2 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2025-2746 | 1 Kentico | 1 Xperience | 2026-02-26 | 9.8 Critical |
| An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.172. | ||||
| CVE-2025-2747 | 1 Kentico | 1 Xperience | 2026-02-26 | 9.8 Critical |
| An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.178. | ||||
| CVE-2024-58105 | 1 Trendmicro | 1 Apex One | 2026-02-26 | 7.3 High |
| A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2025-24418 | 1 Adobe | 1 Adobe Commerce | 2026-02-26 | 8.1 High |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-20229 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2026-02-26 | 8 High |
| In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks. | ||||
| CVE-2025-24411 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-02-26 | 8.1 High |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access affecting Confidentiality and Integrity. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-26683 | 1 Microsoft | 1 Azure Playwright | 2026-02-26 | 8.1 High |
| Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-21349 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-26 | 6.8 Medium |
| Windows Remote Desktop Configuration Service Tampering Vulnerability | ||||
| CVE-2025-21359 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2026-02-26 | 7.8 High |
| Windows Kernel Security Feature Bypass Vulnerability | ||||
| CVE-2025-24042 | 1 Microsoft | 2 Visual Studio Code, Vscode-js-debug | 2026-02-26 | 7.3 High |
| Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability | ||||
| CVE-2025-30389 | 1 Microsoft | 1 Azure Ai Bot Service | 2026-02-26 | 8.7 High |
| Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-0159 | 1 Ibm | 1 Storage Virtualize | 2026-02-26 | 9.1 Critical |
| IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request. | ||||