Export limit exceeded: 17444 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (17444 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-53912 | 2 Malwarebytes, Microsoft | 2 Binosoft Usb Flash Drives Control, Windows | 2025-12-18 | 6.2 Medium |
| USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\USB Flash Drives Control\usbcs.exe' to inject malicious executables and escalate privileges on Windows systems. | ||||
| CVE-2024-30096 | 1 Microsoft | 15 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 12 more | 2025-12-17 | 5.5 Medium |
| Windows Cryptographic Services Information Disclosure Vulnerability | ||||
| CVE-2024-30088 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2025-12-17 | 7 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2024-30067 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-12-17 | 5.5 Medium |
| Winlogon Elevation of Privilege Vulnerability | ||||
| CVE-2024-30066 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-12-17 | 5.5 Medium |
| Winlogon Elevation of Privilege Vulnerability | ||||
| CVE-2024-30080 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-12-17 | 9.8 Critical |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | ||||
| CVE-2024-30069 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2025-12-17 | 4.7 Medium |
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | ||||
| CVE-2023-44372 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-12-16 | 7.8 High |
| Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-29106 | 1 Microsoft | 5 Windows 10, Windows Server 2016, Windows Server 2019 and 2 more | 2025-12-16 | 7 High |
| Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | ||||
| CVE-2025-0502 | 4 Apple, Craftercms, Linux and 1 more | 4 Macos, Craftercms, Linux Kernel and 1 more | 2025-12-15 | 9.1 Critical |
| Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure.This issue affects CrafterCMS: from 4.0.0 before 4.0.8, from 4.1.0 before 4.1.6. | ||||
| CVE-2025-59803 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-12-15 | 5.3 Medium |
| Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the triggers modify content on other pages or optional content layers without explicit warning. This can cause the signed PDF to differ from what the signer saw, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1. | ||||
| CVE-2025-59775 | 2 Apache, Microsoft | 2 Http Server, Windows | 2025-12-10 | 7.5 High |
| Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue. | ||||
| CVE-2025-61865 | 2 Iodata, Microsoft | 2 Narsus App, Windows | 2025-12-10 | N/A |
| Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2025-9491 | 1 Microsoft | 2 Windows, Windows 11 23h2 | 2025-12-05 | 3.3 Low |
| Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373. | ||||
| CVE-2025-32919 | 2 Checkmk, Microsoft | 2 Checkmk, Windows | 2025-12-04 | 7.8 High |
| Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 (EOL). | ||||
| CVE-2021-26828 | 3 Linux, Microsoft, Scadabr | 3 Linux Kernel, Windows, Scadabr | 2025-12-04 | 8.8 High |
| OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. | ||||
| CVE-2024-27303 | 2 Electron, Microsoft | 2 Electron-builder, Windows | 2025-12-03 | 7.3 High |
| electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there's no way to check if it exists in a current installer. | ||||
| CVE-2023-38039 | 4 Fedoraproject, Haxx, Microsoft and 1 more | 11 Fedora, Curl, Windows 10 1809 and 8 more | 2025-12-02 | 7.5 High |
| When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. | ||||
| CVE-2021-26829 | 3 Linux, Microsoft, Scadabr | 3 Linux Kernel, Windows, Scadabr | 2025-12-02 | 5.4 Medium |
| OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm. | ||||
| CVE-2025-34028 | 3 Commvault, Linux, Microsoft | 3 Commvault, Linux Kernel, Windows | 2025-11-29 | 10.0 Critical |
| The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affects Command Center Innovation Release: 11.38.0 to 11.38.20. The vulnerability is fixed in 11.38.20 with SP38-CU20-433 and SP38-CU20-436 and also fixed in 11.38.25 with SP38-CU25-434 and SP38-CU25-438. | ||||