Export limit exceeded: 324770 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (324770 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47181 | 1 Microsoft | 2 Edge Chromium Updater, Edge Update | 2026-02-13 | 8.8 High |
| Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-46305 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-02-13 | 5.7 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. | ||||
| CVE-2025-46304 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-02-13 | 5.7 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. | ||||
| CVE-2025-46303 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-02-13 | 5.7 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. | ||||
| CVE-2025-46302 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-02-13 | 5.7 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. | ||||
| CVE-2025-46301 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-02-13 | 5.7 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. | ||||
| CVE-2025-46300 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-02-13 | 5.7 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. | ||||
| CVE-2026-25763 | 1 Openproject | 1 Openproject | 2026-02-13 | 9.9 Critical |
| OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint (/projects/:project_id/repository/changes) when rendering the “latest changes” view via git log. By supplying a specially crafted rev value (for example, rev=--output=/tmp/poc.txt), an attacker can inject git log command-line options. When OpenProject executes the SCM command, Git interprets the attacker-controlled rev as an option and writes the output to an attacker-chosen path. As a result, any user with the :browse_repository permission on the project can create or overwrite arbitrary files that the OpenProject process user is permitted to write. The written contents consist of git log output, but by crafting custom commits the attacker can still upload valid shell scripts, ultimately leading to RCE. The RCE lets the attacker create a reverse shell to the target host and view confidential files outside of OpenProject, such as /etc/passwd. This issue has been patched in versions 16.6.7 and 17.0.3. | ||||
| CVE-2025-47999 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-02-13 | 6.8 Medium |
| Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. | ||||
| CVE-2025-49722 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2026-02-13 | 5.7 Medium |
| Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network. | ||||
| CVE-2025-49718 | 1 Microsoft | 3 Sql Server, Sql Server 2019, Sql Server 2022 | 2026-02-13 | 7.5 High |
| Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-49704 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-02-13 | 8.8 High |
| Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-49702 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-02-13 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-49679 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7.8 High |
| Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-48821 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7.1 High |
| Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network. | ||||
| CVE-2025-48819 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7.1 High |
| Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network. | ||||
| CVE-2025-48815 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-48799 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-13 | 7.8 High |
| Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-48002 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 24h2, Windows Server 2025 | 2026-02-13 | 5.7 Medium |
| Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network. | ||||
| CVE-2025-53771 | 1 Microsoft | 6 Sharepoint Enterprise Server, Sharepoint Enterprise Server 2016, Sharepoint Enterprise Server 2019 and 3 more | 2026-02-13 | 6.5 Medium |
| Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | ||||