Export limit exceeded: 334873 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9804 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21201 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2026-02-13 | 8.8 High |
| Windows Telephony Server Remote Code Execution Vulnerability | ||||
| CVE-2025-21200 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2026-02-13 | 8.8 High |
| Windows Telephony Service Remote Code Execution Vulnerability | ||||
| CVE-2025-21190 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2026-02-13 | 8.8 High |
| Windows Telephony Service Remote Code Execution Vulnerability | ||||
| CVE-2025-21410 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2026-02-13 | 8.8 High |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2025-21407 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 8.8 High |
| Windows Telephony Service Remote Code Execution Vulnerability | ||||
| CVE-2025-21406 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 8.8 High |
| Windows Telephony Service Remote Code Execution Vulnerability | ||||
| CVE-2025-21208 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2026-02-13 | 8.8 High |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2025-21408 | 1 Microsoft | 1 Edge Chromium | 2026-02-13 | 8.8 High |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2025-21283 | 1 Microsoft | 1 Edge Chromium | 2026-02-13 | 6.5 Medium |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2025-21279 | 1 Microsoft | 1 Edge Chromium | 2026-02-13 | 6.5 Medium |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2025-21342 | 1 Microsoft | 1 Edge Chromium | 2026-02-13 | 8.8 High |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2025-21379 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 24h2, Windows Server 2025 | 2026-02-13 | 7.1 High |
| DHCP Client Service Remote Code Execution Vulnerability | ||||
| CVE-2025-21376 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 8.1 High |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | ||||
| CVE-2025-21369 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 8.8 High |
| Microsoft Digest Authentication Remote Code Execution Vulnerability | ||||
| CVE-2025-21368 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 8.8 High |
| Microsoft Digest Authentication Remote Code Execution Vulnerability | ||||
| CVE-2025-34153 | 1 Hyland | 1 Onbase | 2026-02-13 | N/A |
| Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the URI endpoint TimerServer, implemented in Hyland.Core.Timers.dll. This endpoint deserializes untrusted input using the .NET BinaryFormatter, allowing attackers to execute arbitrary code under the context of NT AUTHORITY\SYSTEM. | ||||
| CVE-2024-43468 | 1 Microsoft | 4 Configuration Manager, Configuration Manager 2403, Configuration Manager 2409 and 1 more | 2026-02-13 | 9.8 Critical |
| Microsoft Configuration Manager Remote Code Execution Vulnerability | ||||
| CVE-2026-23830 | 1 Nyariv | 1 Sandboxjs | 2026-02-12 | 10 Critical |
| SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox code execution by replacing the global `Function` constructor with a safe, sandboxed version (`SandboxFunction`). This is handled in `utils.ts` by mapping `Function` to `sandboxFunction` within a map used for lookups. However, before version 0.8.26, the library did not include mappings for `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction`. These constructors are not global properties but can be accessed via the `.constructor` property of an instance (e.g., `(async () => {}).constructor`). In `executor.ts`, property access is handled. When code running inside the sandbox accesses `.constructor` on an async function (which the sandbox allows creating), the `executor` retrieves the property value. Since `AsyncFunction` was not in the safe-replacement map, the `executor` returns the actual native host `AsyncFunction` constructor. Constructors for functions in JavaScript (like `Function`, `AsyncFunction`) create functions that execute in the global scope. By obtaining the host `AsyncFunction` constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution). Version 0.8.26 patches this vulnerability. | ||||
| CVE-2020-37113 | 2 Gunet, Openeclass | 2 Open Eclass Platform, Openeclass | 2026-02-12 | 8.8 High |
| GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature. | ||||
| CVE-2026-24881 | 2 Gnupg, Gpg4win | 2 Gnupg, Gpg4win | 2026-02-12 | 8.1 High |
| In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution. | ||||