Export limit exceeded: 328214 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 73157 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (73157 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25808 | 2 Fedify, Fedify-dev | 2 Hollo, Hollo | 2026-02-28 | 7.5 High |
| Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is fixed in 0.6.20 and 0.7.2. | ||||
| CVE-2026-25925 | 1 Modery | 1 Powerdocu | 2026-02-28 | 7.8 High |
| PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to instantiate arbitrary .NET objects and execute code. This vulnerability is fixed in 2.4.0. | ||||
| CVE-2025-11142 | 2 Axis, Axis Communications Ab | 2 Axis Os, Axis Os | 2026-02-28 | 7.1 High |
| The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. | ||||
| CVE-2025-8054 | 1 Opentext | 1 Xm Fax | 2026-02-27 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows Path Traversal. The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax: 24.2. | ||||
| CVE-2024-37212 | 1 Ali2woo | 1 Aliexpress Dropshipping With Alinext | 2026-02-27 | 8.3 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through 3.3.5. | ||||
| CVE-2023-47512 | 1 Gravitymaster | 1 Product Enquiry For Woocommerce | 2026-02-27 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Gravity Master Product Enquiry for WooCommerce plugin <= 3.0 versions. | ||||
| CVE-2023-34153 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2026-02-27 | 7.8 High |
| A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. | ||||
| CVE-2026-27572 | 1 Bytecodealliance | 1 Wasmtime | 2026-02-27 | 7.5 High |
| Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of the `wasi:http/types.fields` resource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in the `wasmtime-wasi-http` crate is backed by a data structure which panics when it reaches excessive capacity and this condition was not handled gracefully in Wasmtime. Panicking in a WASI implementation is a Denial of Service vector for embedders and is treated as a security vulnerability in Wasmtime. Wasmtime 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0 patch this vulnerability and return a trap to the guest instead of panicking. There are no known workarounds at this time. Embedders are encouraged to update to a patched version of Wasmtime. | ||||
| CVE-2026-21523 | 1 Microsoft | 2 Visual Studio Code, Visual Studio Code Copilot Chat Extension | 2026-02-27 | 8 High |
| Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-21518 | 1 Microsoft | 2 Visual Studio Code, Visual Studio Code Copilot Chat Extension | 2026-02-27 | 8.8 High |
| Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-26119 | 1 Microsoft | 1 Windows Admin Center | 2026-02-27 | 8.8 High |
| Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-20841 | 1 Microsoft | 2 Window Notepad, Windows Notepad | 2026-02-27 | 7.8 High |
| Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-20846 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-02-27 | 7.5 High |
| Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-21228 | 1 Microsoft | 1 Azure Local | 2026-02-27 | 8.1 High |
| Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-21231 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-02-27 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21232 | 1 Microsoft | 14 Windows 11 22h3, Windows 11 23h2, Windows 11 23h2 and 11 more | 2026-02-27 | 7.8 High |
| Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21237 | 1 Microsoft | 19 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 16 more | 2026-02-27 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21238 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-02-27 | 7.8 High |
| Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21239 | 1 Microsoft | 28 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 25 more | 2026-02-27 | 7.8 High |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21241 | 1 Microsoft | 15 Windows 11 22h3, Windows 11 23h2, Windows 11 23h2 and 12 more | 2026-02-27 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||