Export limit exceeded: 75239 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75239 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22567 | 1 Zscaler | 2 Zia Admin Ui, Zscaler Internet Access Admin Portal | 2026-02-26 | 7.6 High |
| Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios. | ||||
| CVE-2026-3179 | 1 Asustor | 2 Adm, Data Master | 2026-02-26 | 8.1 High |
| The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. A path traversal vulnerability may allow an attacker to overwrite arbitrary files on the system and potentially achieve privilege escalation or remote code execution. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.2.RE51. | ||||
| CVE-2025-63945 | 1 Tencent | 1 Ioa | 2026-02-26 | 7.4 High |
| A privilege escalation (PE) vulnerability in the Tencent iOA app thru 210.9.28693.621001 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. | ||||
| CVE-2025-63946 | 1 Tencent | 2 Pc Manager, Pcmanager | 2026-02-26 | 7.4 High |
| A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. | ||||
| CVE-2025-68930 | 1 Traccar | 1 Traccar | 2026-02-26 | 7.1 High |
| Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the `/api/socket` endpoint. The application fails to validate the `Origin` header during the WebSocket handshake. This allows a remote attacker to bypass the Same Origin Policy (SOP) and establish a full-duplex WebSocket connection using a legitimate user's credentials (JSESSIONID). As of time of publication, it is unclear whether a fix is available. | ||||
| CVE-2026-2927 | 2 D-link, Dlink | 3 Dwr-m960, Dwr-m960, Dwr-m960 Firmware | 2026-02-26 | 8.8 High |
| A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_462590 of the file /boafrm/formOpMode of the component Operation Mode Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-25648 | 1 Traccar | 1 Traccar | 2026-02-26 | 8.7 High |
| Versions of the Traccar open-source GPS tracking system starting with 6.11.1 contain an issue in which authenticated users can execute arbitrary JavaScript in the context of other users' browsers by uploading malicious SVG files as device images. The application accepts SVG file uploads without sanitization and serves them with the `image/svg+xml` Content-Type, allowing embedded JavaScript to execute when victims view the image. As of time of publication, it is unclear whether a fix is available. | ||||
| CVE-2026-2926 | 2 D-link, Dlink | 3 Dwr-m960, Dwr-m960, Dwr-m960 Firmware | 2026-02-26 | 8.8 High |
| A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-2925 | 2 D-link, Dlink | 3 Dwr-m960, Dwr-m960, Dwr-m960 Firmware | 2026-02-26 | 8.8 High |
| A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2026-25649 | 1 Traccar | 1 Traccar | 2026-02-26 | 7.3 High |
| Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users can steal OAuth 2.0 authorization codes by exploiting an open redirect vulnerability in two OIDC-related endpoints. The `redirect_uri` parameter is not validated against a whitelist, allowing attackers to redirect authorization codes to attacker-controlled URLs, enabling account takeover on any OAuth-integrated application. As of time of publication, it is unclear whether a fix is available. | ||||
| CVE-2026-2904 | 1 Utt | 3 810g, 810g Firmware, Hiper 810g | 2026-02-26 | 8.8 High |
| A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-62455 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-26 | 7.8 High |
| Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62461 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-02-26 | 7.8 High |
| Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62462 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-02-26 | 7.8 High |
| Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62464 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-02-26 | 7.8 High |
| Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55233 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-02-26 | 7.8 High |
| Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62467 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-02-26 | 7.8 High |
| Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58692 | 1 Fortinet | 1 Fortivoice | 2026-02-26 | 7.7 High |
| An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability [CWE-89] vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests. | ||||
| CVE-2025-62474 | 1 Microsoft | 22 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 19 more | 2026-02-26 | 7.8 High |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62550 | 1 Microsoft | 1 Azure Monitor Agent | 2026-02-26 | 8.8 High |
| Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network. | ||||