Export limit exceeded: 23185 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23185 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-67460 | 2 Microsoft, Zoom | 3 Windows, Rooms, Zoom | 2026-02-26 | 7.8 High |
| Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2025-64669 | 1 Microsoft | 1 Windows Admin Center | 2026-02-26 | 7.8 High |
| Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-11001 | 2 7-zip, Microsoft | 2 7-zip, Windows | 2026-02-26 | 7.8 High |
| 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753. | ||||
| CVE-2025-64655 | 1 Microsoft | 1 Dynamics Omnichannel Sdk Storage Containers | 2026-02-26 | 8.8 High |
| Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59245 | 1 Microsoft | 1 Sharepoint Online | 2026-02-26 | 9.8 Critical |
| Microsoft SharePoint Online Elevation of Privilege Vulnerability | ||||
| CVE-2025-49752 | 1 Microsoft | 1 Azure Bastion Developer | 2026-02-26 | 10 Critical |
| Azure Bastion Elevation of Privilege Vulnerability | ||||
| CVE-2025-62207 | 1 Microsoft | 2 Azure Monitor, Azure Monitor Control Service | 2026-02-26 | 8.6 High |
| Azure Monitor Elevation of Privilege Vulnerability | ||||
| CVE-2025-14174 | 4 Apple, Google, Linux and 1 more | 11 Ipados, Iphone Os, Macos and 8 more | 2026-02-26 | 8.8 High |
| Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-64660 | 1 Microsoft | 1 Visual Studio Code | 2026-02-26 | 8 High |
| Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-62459 | 1 Microsoft | 1 365 Defender Portal | 2026-02-26 | 8.3 High |
| Microsoft Defender Portal Spoofing Vulnerability | ||||
| CVE-2025-14765 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-14766 | 4 Apple, Google, Linux and 1 more | 5 Macos, Chrome, V8 and 2 more | 2026-02-26 | 8.8 High |
| Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-64656 | 1 Microsoft | 2 Azure App Gateway, Azure Application Gateway | 2026-02-26 | 9.4 Critical |
| Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-64657 | 1 Microsoft | 2 Azure App Gateway, Azure Application Gateway | 2026-02-26 | 9.8 Critical |
| Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-64663 | 1 Microsoft | 2 Azure Cognitive Service For Language, Azure Language | 2026-02-26 | 9.9 Critical |
| Custom Question Answering Elevation of Privilege Vulnerability | ||||
| CVE-2025-65041 | 1 Microsoft | 1 Partner Center | 2026-02-26 | 10 Critical |
| Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-65037 | 1 Microsoft | 1 Azure Container Apps | 2026-02-26 | 10 Critical |
| Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-64676 | 1 Microsoft | 2 Office Purview, Purview | 2026-02-26 | 7.2 High |
| '.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-22035 | 3 Getgreenshot, Greenshot, Microsoft | 3 Greenshot, Greenshot, Windows | 2026-02-26 | 7.8 High |
| Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below arvulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shell commands without sanitization, allowing attackers to execute arbitrary commands by crafting malicious filenames containing shell metacharacters. This issue is fixed in version 1.3.311. | ||||
| CVE-2025-69258 | 2 Microsoft, Trendmicro | 3 Windows, Apex Central, Apexcentral | 2026-02-26 | 9.8 Critical |
| A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations. | ||||