Export limit exceeded: 347172 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 23797 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23797 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21398 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2025-12-09 | 8.8 High |
| SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
| CVE-2024-21373 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2025-12-09 | 8.8 High |
| SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
| CVE-2024-21335 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2025-12-09 | 8.8 High |
| SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
| CVE-2024-21333 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2025-12-09 | 8.8 High |
| SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
| CVE-2024-21332 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2025-12-09 | 8.8 High |
| SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
| CVE-2024-38087 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2025-12-09 | 8.8 High |
| SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
| CVE-2024-38088 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2025-12-09 | 8.8 High |
| SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
| CVE-2024-30061 | 1 Microsoft | 1 Dynamics 365 | 2025-12-09 | 7.3 High |
| Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | ||||
| CVE-2022-24522 | 1 Microsoft | 1 Skype Extension | 2025-12-09 | 6.5 Medium |
| Skype Extension for Chrome Information Disclosure Vulnerability | ||||
| CVE-2022-24526 | 1 Microsoft | 1 Visual Studio Code | 2025-12-09 | 6.1 Medium |
| Visual Studio Code Spoofing Vulnerability | ||||
| CVE-2022-24498 | 1 Microsoft | 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more | 2025-12-09 | 6.5 Medium |
| Windows iSCSI Target Service Information Disclosure Vulnerability | ||||
| CVE-2022-24539 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2025-12-09 | 8.1 High |
| Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | ||||
| CVE-2022-24548 | 1 Microsoft | 1 Malware Protection Engine | 2025-12-09 | 5.5 Medium |
| Microsoft Defender Denial of Service Vulnerability | ||||
| CVE-2022-26784 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 3 more | 2025-12-09 | 6.5 Medium |
| Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | ||||
| CVE-2025-13639 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-08 | 8.1 High |
| Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-13032 | 3 Avast, Avg, Microsoft | 3 Antivirus, Antivirus, Windows | 2025-12-08 | 9.9 Critical |
| Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on windows allows local attacker to escalate privelages via pool overflow. | ||||
| CVE-2025-33202 | 3 Linux, Microsoft, Nvidia | 4 Linux, Linux Kernel, Windows and 1 more | 2025-12-08 | 6.5 Medium |
| NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack overflow by sending extra-large payloads. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2025-12893 | 3 Apple, Microsoft, Mongodb | 3 Macos, Windows, Mongodb | 2025-12-05 | 4.2 Medium |
| Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage (EKU) requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully authenticated via the TLS handshake as a client. This issue is specific to MongoDB servers running on Windows or Apple as the expected validation behavior functions correctly on Linux systems. Additionally, MongoDB servers may successfully establish egress TLS connections with servers that present server certificates not aligning with the documented Extended Key Usage (EKU) requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = serverAuth may still be successfully authenticated via the TLS handshake as a server. This issue is specific to MongoDB servers running on Apple as the expected validation behavior functions correctly on both Linux and Windows systems. This vulnerability affects MongoDB Server v7.0 versions prior to 7.0.26, MongoDB Server v8.0 versions prior to 8.0.16 and MongoDB Server v8.2 versions prior to 8.2.2 | ||||
| CVE-2025-9491 | 1 Microsoft | 2 Windows, Windows 11 23h2 | 2025-12-05 | 3.3 Low |
| Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373. | ||||
| CVE-2025-61949 | 3 Linux, Microsoft, Secuavail | 4 Linux, Linux Kernel, Windows and 1 more | 2025-12-05 | N/A |
| LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page. | ||||