Export limit exceeded: 10700 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10700 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21210 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 4.2 Medium |
| Windows BitLocker Information Disclosure Vulnerability | ||||
| CVE-2025-21401 | 1 Microsoft | 1 Edge Chromium | 2026-02-13 | 4.5 Medium |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||||
| CVE-2025-24061 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-13 | 7.8 High |
| Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-24059 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7.8 High |
| Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24986 | 1 Microsoft | 2 Azure Promptflow Core, Azure Promptflow Tools | 2026-02-13 | 6.5 Medium |
| Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-27732 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7 High |
| Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-27472 | 1 Microsoft | 3 Windows 10 1507, Windows Server 2012, Windows Server 2012 R2 | 2026-02-13 | 5.4 Medium |
| Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-26684 | 1 Microsoft | 1 Defender For Endpoint | 2026-02-13 | 6.7 Medium |
| External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49740 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-13 | 8.8 High |
| Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-48800 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-13 | 6.8 Medium |
| Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2025-48003 | 1 Microsoft | 20 Bitlocker, Windows, Windows 10 and 17 more | 2026-02-13 | 6.8 Medium |
| Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2025-47984 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7.5 High |
| Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-47159 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-13 | 7.8 High |
| Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53733 | 1 Microsoft | 19 365, 365 Apps, Office and 16 more | 2026-02-13 | 8.4 High |
| Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-63226 | 1 Sencore | 6 Decoder-ccv2, Decoder-ccv2 Firmware, En2sdi-2hd and 3 more | 2026-02-13 | 5.7 Medium |
| The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can access the endpoint and add new users without any authentication. This allows attackers to gain unauthorized access to the system and perform malicious activities. | ||||
| CVE-2025-14594 | 1 Gitlab | 1 Gitlab | 2026-02-13 | 3.5 Low |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline values by querying the API. | ||||
| CVE-2025-55705 | 1 Evmapa | 1 Evmapa | 2026-02-12 | 7.3 High |
| This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration control allows attackers to exploit this weakness by reusing valid charging station IDs to establish multiple sessions concurrently. | ||||
| CVE-2025-12131 | 1 Silabs | 2 Simplicity Sdk, Simplicity Software Development Kit | 2026-02-12 | 6.5 Medium |
| A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service. | ||||
| CVE-2023-36419 | 1 Microsoft | 1 Azure Hdinsight | 2026-02-11 | 8.8 High |
| Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability | ||||
| CVE-2025-67852 | 1 Moodle | 1 Moodle | 2026-02-11 | 3.5 Low |
| A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure. | ||||