Export limit exceeded: 335034 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335034 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29807 | 1 Microsoft | 1 Dataverse | 2026-02-26 | 8.7 High |
| Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. | ||||
| CVE-2024-47908 | 1 Ivanti | 1 Cloud Services Appliance | 2026-02-26 | 9.1 Critical |
| OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2025-21354 | 1 Microsoft | 9 365 Apps, Office, Office 2019 and 6 more | 2026-02-26 | 8.4 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2025-29814 | 1 Microsoft | 1 Partner Center | 2026-02-26 | 9.3 Critical |
| Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-22467 | 1 Ivanti | 1 Connect Secure | 2026-02-26 | 9.9 Critical |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. | ||||
| CVE-2025-21356 | 1 Microsoft | 6 365 Apps, Office, Office 2019 and 3 more | 2026-02-26 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2025-24915 | 1 Tenable | 1 Nessus Agent | 2026-02-26 | 7.8 High |
| When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. | ||||
| CVE-2024-10644 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2026-02-26 | 9.1 Critical |
| Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2025-21357 | 1 Microsoft | 8 365 Apps, Office, Office 2019 and 5 more | 2026-02-26 | 6.7 Medium |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2024-50569 | 1 Fortinet | 1 Fortiweb | 2026-02-26 | 6.3 Medium |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input. | ||||
| CVE-2025-29806 | 1 Microsoft | 1 Edge Chromium | 2026-02-26 | 6.5 Medium |
| No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-21362 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-02-26 | 8.4 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2024-40591 | 1 Fortinet | 1 Fortios | 2026-02-26 | 8 High |
| An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targetted FortiGate to a malicious upstream FortiGate they control. | ||||
| CVE-2025-21363 | 1 Microsoft | 5 365 Apps, Office 2024, Office Long Term Servicing Channel and 2 more | 2026-02-26 | 7.8 High |
| Microsoft Word Remote Code Execution Vulnerability | ||||
| CVE-2025-29795 | 1 Microsoft | 2 Edge Update, Edge Update Setup | 2026-02-26 | 7.8 High |
| Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2024-35279 | 1 Fortinet | 1 Fortios | 2026-02-26 | 7.7 High |
| A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP control, provided the attacker were able to evade FortiOS stack protections and provided the fabric service is running on the exposed interface. | ||||
| CVE-2025-21365 | 1 Microsoft | 3 365 Apps, Office 2024, Office Long Term Servicing Channel | 2026-02-26 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2025-2746 | 1 Kentico | 1 Xperience | 2026-02-26 | 9.8 Critical |
| An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.172. | ||||
| CVE-2024-50567 | 1 Fortinet | 1 Fortiweb | 2026-02-26 | 6.8 Medium |
| An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input. | ||||
| CVE-2025-21366 | 1 Microsoft | 8 365 Apps, Access, Access 2016 and 5 more | 2026-02-26 | 7.8 High |
| Microsoft Access Remote Code Execution Vulnerability | ||||