Export limit exceeded: 10373 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10373 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47173 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-02-26 | 7.8 High |
| Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-52521 | 2 Microsoft, Trendmicro | 3 Windows, Maximum Security 2022, Maximum Security 2023 | 2026-02-26 | 7.8 High |
| Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | ||||
| CVE-2025-52837 | 1 Trendmicro | 1 Password Manager | 2026-02-26 | 7.8 High |
| Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and achieve privilege escalation. | ||||
| CVE-2025-50067 | 1 Oracle | 1 Application Express | 2026-02-26 | 9 Critical |
| Vulnerability in Oracle Application Express (component: Strategic Planner Starter App). Supported versions that are affected are 24.2.4 and 24.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Application Express. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H). | ||||
| CVE-2024-27779 | 1 Fortinet | 2 Fortiisolator, Fortisandbox | 2026-02-26 | 6.3 Medium |
| An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted. | ||||
| CVE-2025-21120 | 1 Dell | 3 Avamar, Avamar Data Store, Avamar Server | 2026-02-26 | 8.3 High |
| Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2025-46810 | 1 Opensuse | 1 Tumbleweed | 2026-02-26 | 7.8 High |
| A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue affects Tumbleweed: from ? before 2.11.29. | ||||
| CVE-2024-49720 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In multiple functions of Permissions.java, there is a possible way to override the state of the user's location permissions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22422 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22427 | 1 Google | 1 Android | 2026-02-26 | 7.3 High |
| In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-22433 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22434 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-22437 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-9866 | 1 Google | 1 Chrome | 2026-02-26 | 8.8 High |
| Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-36898 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36905 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-20109 | 1 Intel | 1 Processors | 2026-02-26 | 7.8 High |
| Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-22853 | 1 Intel | 1 Tdx Module Software | 2026-02-26 | 2.3 Low |
| Improper synchronization in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-22893 | 2 Intel, Linux | 2 Ethernet 800 Series Software, Linux Kernel | 2026-02-26 | 7.8 High |
| Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-26444 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is forcibly stopped due to a logic error in the code. This could lead to local escalation of privilege where the default assistant app is automatically granted ROLE_ASSISTANT with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||