Export limit exceeded: 18043 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18043 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11535 | 2 Microsoft, Mongodb | 3 Windows, Connector For Bi, Mongodb | 2026-04-15 | N/A |
| MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories allows Privilege Escalation.This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24. | ||||
| CVE-2025-11575 | 2 Microsoft, Mongodb | 2 Windows, Mongodb | 2026-04-15 | 7.8 High |
| Incorrect Default Permissions vulnerability in MongoDB Atlas SQL ODBC driver on Windows allows Privilege Escalation.This issue affects MongoDB Atlas SQL ODBC driver: from 1.0.0 through 2.0.0. | ||||
| CVE-2025-10639 | 2 Efficientlab, Microsoft | 2 Workexaminer Professional, Windows | 2026-04-15 | 8.8 High |
| The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to login to the FTP server and modify or read data, log files and gain remote code execution as NT Authority\SYSTEM on the server by exchanging accessible service binaries in the WorkExaminer installation directory (e.g. "C:\Program File (x86)\Work Examiner Professional Server"). | ||||
| CVE-2025-11955 | 2 Microsoft, Thegreenbow | 6 Windows, Ipsec Vpn Client, Thegreenbow Vpn Client and 3 more | 2026-04-15 | N/A |
| Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid. | ||||
| CVE-2019-25269 | 1 Microsoft | 1 Windows | 2026-04-15 | 7.8 High |
| Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations. | ||||
| CVE-2025-11940 | 2 Librewolf, Microsoft | 2 Librewolf, Windows | 2026-04-15 | 7 High |
| A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component Installer. Such manipulation leads to uncontrolled search path. The attack must be carried out locally. Attacks of this nature are highly complex. The exploitability is reported as difficult. Upgrading to version 144.0-1 mitigates this issue. The name of the patch is dd10e31dd873e9cb309fad8aed921d45bf905a55. It is suggested to upgrade the affected component. | ||||
| CVE-2021-47828 | 2 Microsoft, Weird Solutions | 2 Windows, Bootpturbo | 2026-04-15 | 7.8 High |
| BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem privileges during system startup or reboot. | ||||
| CVE-2025-13051 | 2 Asustor, Microsoft | 3 Abp, Aes, Windows | 2026-04-15 | N/A |
| When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges. This issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290. | ||||
| CVE-2024-14012 | 2 Microsoft, Revenera | 2 Windows, Installshield | 2026-04-15 | N/A |
| Potential privilege escalation issue in Revenera InstallShield version 2023 R1 running a renamed Setup.exe on Windows. When a local administrator executes a renamed Setup.exe, the MPR.dll may get loaded from an insecure location and can result in a privilege escalation. The issue has been fixed in versions 2023 R2 and later. | ||||
| CVE-2025-4044 | 2 Lexmark, Microsoft | 2 Universal Print Driver, Windows | 2026-04-15 | 8.2 High |
| Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL. | ||||
| CVE-2025-62225 | 2 Microsoft, Sony | 2 Windows, Optical Disc Archive Software | 2026-04-15 | N/A |
| Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2025-13524 | 4 Amazon, Apple, Linux and 1 more | 4 Aws Wickr, Macos, Linux and 1 more | 2026-04-15 | 5.7 Medium |
| Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they close their call window. This issue occurs under certain conditions, which require the affected user to take a particular action within the application To mitigate this issue, users should upgrade AWS Wickr, Wickr Gov and Wickr Enterprise desktop version to version 6.62.13. | ||||
| CVE-2025-12507 | 2 Bizerba, Microsoft | 2 Communication Server, Windows | 2026-04-15 | 8.8 High |
| The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed. | ||||
| CVE-2025-62376 | 2 Microsoft, Pwncollege | 2 Windows, Dojo | 2026-04-15 | N/A |
| pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The vulnerability occurs in the view_desktop function where the user is retrieved via a URL parameter without verifying that the requester has administrative privileges. An attacker can supply any user ID and arbitrary password in the request parameters to impersonate another user. When requesting a Windows desktop service, the function does not validate the supplied password before generating access credentials, allowing the attacker to obtain an iframe source URL that grants full access to the target user's Windows VM. This impacts all users with active Windows VMs, as an attacker can access and modify data on the Windows machine and in the home directory of the associated Linux machine via the Z: drive. This issue has been patched in commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef. No known workarounds exist. | ||||
| CVE-2025-49459 | 3 Arm, Microsoft, Zoom | 5 Arm, Windows, Workplace and 2 more | 2026-04-15 | 7.8 High |
| Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2025-4952 | 2 Eset, Microsoft | 13 Endpoint Antivirus, Endpoint Security, File Security and 10 more | 2026-04-15 | N/A |
| Tampering of the registry entries might have led to preventing the ESET security products from starting correctly on the next system startup or to unauthorized changes in the product's configuration. | ||||
| CVE-2025-29864 | 2 Estsoft, Microsoft | 2 Alzip, Windows | 2026-04-15 | N/A |
| Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass.This issue affects ALZip: from 12.01 before 12.29. | ||||
| CVE-2025-62776 | 2 Microsoft, Wireless Tsukamoto | 2 Windows, Wtw Eagle | 2026-04-15 | N/A |
| The installer of WTW EAGLE (for Windows) 3.0.8.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application. | ||||
| CVE-2025-30075 | 2 Microsoft, Mindmanager | 2 Windows, Mindmanager | 2026-04-15 | 2.2 Low |
| In Alludo MindManager before 25.0.208 on Windows, attackers could potentially execute code as other local users on the same machine if they could write DLL files to directories within victims' DLL search paths. | ||||
| CVE-2024-6768 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2026-04-15 | N/A |
| A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function. | ||||