Export limit exceeded: 338066 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338066 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49691 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-13 | 8 High |
| Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network. | ||||
| CVE-2025-49687 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-02-13 | 8.8 High |
| Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49686 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2026-02-13 | 7.8 High |
| Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49677 | 1 Microsoft | 2 Windows 11 22h2, Windows 11 22h2 | 2026-02-13 | 7 High |
| Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49674 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2026-02-13 | 8.8 High |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-49671 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2026-02-13 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-49658 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 5.5 Medium |
| Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-47987 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2026-02-13 | 7.8 High |
| Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47984 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7.5 High |
| Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-47976 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2026-02-13 | 7.8 High |
| Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47972 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-13 | 8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-21195 | 2 Azure, Microsoft | 3 Service Fabric, Azure Service Fabric, Service Fabric | 2026-02-13 | 6 Medium |
| Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47159 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-13 | 7.8 High |
| Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-33054 | 1 Microsoft | 7 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 4 more | 2026-02-13 | 8.1 High |
| Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-26636 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 24h2, Windows Server 2025 | 2026-02-13 | 5.5 Medium |
| Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-25764 | 1 Openproject | 1 Openproject | 2026-02-13 | 3.5 Low |
| OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work package with the name containing the HTML tags and add it to the Work package section when creating time tracking. This issue has been patched in versions 16.6.7 and 17.0.3. | ||||
| CVE-2026-20608 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-02-13 | 5.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-20609 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-02-13 | 4.4 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents. | ||||
| CVE-2025-49736 | 2 Google, Microsoft | 2 Android, Edge | 2026-02-13 | 4.3 Medium |
| The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-69229 | 3 Aio-libs, Aio-libs Project, Aiohttp | 4 Aiohttp Session, Aiohttp, Aio-libs and 1 more | 2026-02-13 | 5.3 Medium |
| AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read() method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU time (e.g. 1 second) while processing the request. This could potentially lead to DoS as the server would be unable to handle other requests during that time. This issue is fixed in version 3.13.3. | ||||