Export limit exceeded: 331317 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 331317 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (331317 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59221 | 1 Microsoft | 15 365, 365 Apps, Office and 12 more | 2026-02-26 | 7 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-12727 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-59222 | 1 Microsoft | 15 365, 365 Apps, Office and 12 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-42890 | 1 Sap | 1 Sql Anywhere | 2026-02-26 | 10 Critical |
| SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the system. | ||||
| CVE-2025-59223 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-42894 | 1 Sap | 1 Business Connector | 2026-02-26 | 6.8 Medium |
| Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary operating system commands on the server, resulting in a complete compromise of the confidentiality, integrity, and availability of the affected system. | ||||
| CVE-2025-59225 | 1 Microsoft | 12 365, 365 Apps, Excel and 9 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-4645 | 2 Axis, Axis Communications Ab | 234 A1210 \(-b\), A1214, A1601 and 231 more | 2026-02-26 | 6.7 Medium |
| An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-59226 | 1 Microsoft | 6 365, 365 Apps, Office 2021 and 3 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-5454 | 2 Axis, Axis Communications Ab | 234 A1210 \(-b\), A1214, A1601 and 231 more | 2026-02-26 | 6.4 Medium |
| An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-59227 | 1 Microsoft | 12 365, 365 Apps, Office and 9 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-5718 | 2 Axis, Axis Communications Ab | 234 A1210 \(-b\), A1214, A1601 and 231 more | 2026-02-26 | 6.8 Medium |
| The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-59238 | 1 Microsoft | 10 365, 365 Apps, Office and 7 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-2624 | 2 Epati, Epati Cyber security Technologies | 2 Antikor Next Generation Firewall, Antikor Next Generation Firewall | 2026-02-26 | 9.8 Critical |
| Missing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall (NGFW) allows Authentication Bypass.This issue affects Antikor Next Generation Firewall (NGFW): from v.2.0.1298 before v.2.0.1301. | ||||
| CVE-2025-15589 | 1 Muyucms | 1 Muyucms | 2026-02-26 | 3.8 Low |
| A vulnerability was determined in MuYuCMS 2.7. Affected is the function delete_dir_file of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3131 | 1 Devolutions | 2 Devolutions Server, Server | 2026-02-26 | 6.5 Medium |
| Improper access control in multiple DVLS REST API endpoints in Devolutions Server 2025.3.14.0 and earlier allows an authenticated user with view-only permission to access sensitive connection data. | ||||
| CVE-2026-1768 | 1 Devolutions | 1 Devolutions Server | 2026-02-26 | 4.3 Medium |
| A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15. | ||||
| CVE-2026-22990 | 1 Linux | 1 Linux Kernel | 2026-02-26 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the incremental osdmap to be invalid. | ||||
| CVE-2025-1272 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-02-26 | 7.7 High |
| The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking breaking any Secure Boot protection. This vulnerability affects only Fedora Linux. | ||||
| CVE-2025-15087 | 1 Youlai | 1 Youlai-mall | 2026-02-26 | 4.3 Medium |
| A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||