Export limit exceeded: 72529 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (72529 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21362 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-02-26 | 8.4 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2024-40591 | 1 Fortinet | 1 Fortios | 2026-02-26 | 8 High |
| An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targetted FortiGate to a malicious upstream FortiGate they control. | ||||
| CVE-2025-21363 | 1 Microsoft | 5 365 Apps, Office 2024, Office Long Term Servicing Channel and 2 more | 2026-02-26 | 7.8 High |
| Microsoft Word Remote Code Execution Vulnerability | ||||
| CVE-2025-29795 | 1 Microsoft | 2 Edge Update, Edge Update Setup | 2026-02-26 | 7.8 High |
| Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2024-35279 | 1 Fortinet | 1 Fortios | 2026-02-26 | 7.7 High |
| A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP control, provided the attacker were able to evade FortiOS stack protections and provided the fabric service is running on the exposed interface. | ||||
| CVE-2025-21365 | 1 Microsoft | 3 365 Apps, Office 2024, Office Long Term Servicing Channel | 2026-02-26 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2025-21366 | 1 Microsoft | 8 365 Apps, Access, Access 2016 and 5 more | 2026-02-26 | 7.8 High |
| Microsoft Access Remote Code Execution Vulnerability | ||||
| CVE-2025-21395 | 1 Microsoft | 8 365 Apps, Access, Access 2016 and 5 more | 2026-02-26 | 7.8 High |
| Microsoft Access Remote Code Execution Vulnerability | ||||
| CVE-2025-21157 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-02-26 | 7.8 High |
| InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-21158 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-02-26 | 7.8 High |
| InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-21335 | 1 Microsoft | 13 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 10 more | 2026-02-26 | 7.8 High |
| Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | ||||
| CVE-2025-21156 | 1 Adobe | 1 Incopy | 2026-02-26 | 7.8 High |
| InCopy versions 20.0, 19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-1097 | 1 Kubernetes | 1 Ingress-nginx | 2026-02-26 | 8.8 High |
| A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | ||||
| CVE-2025-21187 | 1 Microsoft | 1 Power Automate For Desktop | 2026-02-26 | 7.8 High |
| Microsoft Power Automate Remote Code Execution Vulnerability | ||||
| CVE-2025-21159 | 1 Adobe | 1 Illustrator | 2026-02-26 | 7.8 High |
| Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-21186 | 1 Microsoft | 8 365 Apps, Access, Access 2016 and 5 more | 2026-02-26 | 7.8 High |
| Microsoft Access Remote Code Execution Vulnerability | ||||
| CVE-2025-1098 | 1 Kubernetes | 1 Ingress-nginx | 2026-02-26 | 8.8 High |
| A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | ||||
| CVE-2025-21163 | 1 Adobe | 1 Illustrator | 2026-02-26 | 7.8 High |
| Illustrator versions 29.1, 28.7.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-21224 | 1 Microsoft | 14 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 11 more | 2026-02-26 | 8.1 High |
| Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | ||||
| CVE-2025-24514 | 1 Kubernetes | 1 Ingress-nginx | 2026-02-26 | 8.8 High |
| A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | ||||