Export limit exceeded: 335142 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335142 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25835 | 1 Esri | 1 Portal For Arcgis | 2026-02-13 | 8.4 High |
| There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS Sites versions 11.1 and below that may allow a remote, authenticated attacker with high‑privileged access to create a crafted link that is persisted within the site configuration. When accessed by a victim, the stored payload may execute arbitrary JavaScript code in the victim’s browser. Successful exploitation could allow the attacker to access sensitive user data and session information, alter trusted site content and user actions, and disrupt normal site functionality, resulting in a high impact to confidentiality, integrity, and availability. | ||||
| CVE-2025-24053 | 1 Microsoft | 1 Dataverse | 2026-02-13 | 7.2 High |
| Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-26645 | 1 Microsoft | 28 Remote Desktop, Remote Desktop Client, Windows 10 1507 and 25 more | 2026-02-13 | 8.8 High |
| Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-26643 | 1 Microsoft | 1 Edge Chromium | 2026-02-13 | 5.4 Medium |
| The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-26631 | 1 Microsoft | 1 Visual Studio Code | 2026-02-13 | 7.3 High |
| Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-26630 | 1 Microsoft | 8 365 Apps, Access, Access 2016 and 5 more | 2026-02-13 | 7.8 High |
| Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-26629 | 1 Microsoft | 3 365 Apps, Office 2024, Office Long Term Servicing Channel | 2026-02-13 | 7.8 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-26627 | 1 Microsoft | 1 Azure Arc | 2026-02-13 | 7 High |
| Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24049 | 1 Microsoft | 1 Azure Command-line Interface | 2026-02-13 | 8.4 High |
| Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-24994 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 3 more | 2026-02-13 | 7.3 High |
| Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24992 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 5.5 Medium |
| Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-24084 | 1 Microsoft | 10 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 7 more | 2026-02-13 | 8.4 High |
| Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-24076 | 1 Microsoft | 9 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 6 more | 2026-02-13 | 7.3 High |
| Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24075 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-02-13 | 7.8 High |
| Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-24072 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7.8 High |
| Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24071 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2026-02-13 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-24067 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-13 | 7.8 High |
| Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24066 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-13 | 7.8 High |
| Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24064 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2026-02-13 | 8.1 High |
| Use after free in DNS Server allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-24061 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-13 | 7.8 High |
| Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally. | ||||