Search Results (12821 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-24053 1 Microsoft 1 Dataverse 2026-02-13 7.2 High
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
CVE-2025-26645 1 Microsoft 28 Remote Desktop, Remote Desktop Client, Windows 10 1507 and 25 more 2026-02-13 8.8 High
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-24994 1 Microsoft 6 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 3 more 2026-02-13 7.3 High
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
CVE-2025-24076 1 Microsoft 9 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 6 more 2026-02-13 7.3 High
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
CVE-2025-29810 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 7.5 High
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
CVE-2025-29804 1 Microsoft 1 Visual Studio 2022 2026-02-13 7.3 High
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-27738 1 Microsoft 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more 2026-02-13 6.5 Medium
Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.
CVE-2025-26678 1 Microsoft 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more 2026-02-13 8.4 High
Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-21197 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 6.5 Medium
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.
CVE-2025-29794 1 Microsoft 4 Sharepoint Enterprise Server, Sharepoint Server, Sharepoint Server 2016 and 1 more 2026-02-13 8.8 High
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-27744 1 Microsoft 2 Office, Office 2016 2026-02-13 7.8 High
Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2025-29827 1 Microsoft 1 Azure Automation 2026-02-13 9.9 Critical
Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.
CVE-2025-26685 1 Microsoft 1 Defender For Identity 2026-02-13 6.5 Medium
Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network.
CVE-2025-33072 1 Microsoft 2 Msagsfeedback.azurewebsites.net, Msagsfeedback Azurewebsites Net 2026-02-13 8.1 High
Improper access control in Azure allows an unauthorized attacker to disclose information over a network.
CVE-2025-49701 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-02-13 8.8 High
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-53771 1 Microsoft 6 Sharepoint Enterprise Server, Sharepoint Enterprise Server 2016, Sharepoint Enterprise Server 2019 and 3 more 2026-02-13 6.5 Medium
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-53793 1 Microsoft 4 Azure Stack Hub, Azure Stack Hub 2406, Azure Stack Hub 2408 and 1 more 2026-02-13 7.5 High
Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network.
CVE-2025-50170 1 Microsoft 20 Server, Windows, Windows 10 1809 and 17 more 2026-02-13 7.8 High
Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-68721 1 Axigen 2 Axigen Mail Server, Mail Server 2026-02-13 8.1 High
Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). This allows the attacker to view, download, upload, and delete SSL certificate files, despite lacking the necessary privileges to access the Security & Filtering section.
CVE-2025-67645 2 Open-emr, Openemr 2 Openemr, Openemr 2026-02-12 8.8 High
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters (pubpid / pid) to reference another user’s record; the server accepts the modified IDs and applies the changes to that other user’s profile. This allows one user to alter another user’s profile data (name, contact info, etc.), and could enable account takeover. Version 7.0.4 fixes the issue.