Export limit exceeded: 11091 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11091 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26328 | 1 Openclaw | 2 Clawdbot, Openclaw | 2026-02-26 | 6.5 Medium |
| OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage `groupPolicy=allowlist`, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Version 2026.2.14 fixes the issue. | ||||
| CVE-2025-30389 | 1 Microsoft | 1 Azure Ai Bot Service | 2026-02-26 | 8.7 High |
| Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-0159 | 1 Ibm | 1 Storage Virtualize | 2026-02-26 | 9.1 Critical |
| IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request. | ||||
| CVE-2025-30390 | 1 Microsoft | 1 Azure Machine Learning | 2026-02-26 | 9.9 Critical |
| Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-30392 | 1 Microsoft | 1 Azure Ai Bot Service | 2026-02-26 | 9.8 Critical |
| Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2024-49842 | 1 Qualcomm | 358 Aqt1000, Aqt1000 Firmware, Ar8035 and 355 more | 2026-02-26 | 7.8 High |
| Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. | ||||
| CVE-2025-21469 | 1 Qualcomm | 40 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 37 more | 2026-02-26 | 7.8 High |
| Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call. | ||||
| CVE-2025-21470 | 1 Qualcomm | 66 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 63 more | 2026-02-26 | 7.8 High |
| Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter. | ||||
| CVE-2025-22477 | 1 Dell | 1 Storage Manager | 2026-02-26 | 8.3 High |
| Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2025-21425 | 1 Qualcomm | 67 Qam8255p, Qam8255p Firmware, Qam8295p and 64 more | 2026-02-26 | 7.3 High |
| Memory corruption may occur due top improper access control in HAB process. | ||||
| CVE-2025-29813 | 1 Microsoft | 2 Azure Devops, Azure Devops Server | 2026-02-26 | 10 Critical |
| Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-4427 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-02-26 | 5.3 Medium |
| An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. | ||||
| CVE-2025-29973 | 1 Microsoft | 1 Azure File Sync | 2026-02-26 | 7 High |
| Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29826 | 1 Microsoft | 1 Dataverse | 2026-02-26 | 7.3 High |
| Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-30288 | 1 Adobe | 1 Coldfusion | 2026-02-26 | 8.2 High |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed. | ||||
| CVE-2025-23389 | 1 Suse | 1 Rancher | 2026-02-26 | 8.4 High |
| A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3. | ||||
| CVE-2025-32726 | 1 Microsoft | 1 Visual Studio Code | 2026-02-26 | 6.8 Medium |
| Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29984 | 1 Dell | 1 Trusted Device Agent | 2026-02-26 | 6.7 Medium |
| Dell Trusted Device, versions prior to 7.0.3.0, contain an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2025-21573 | 1 Oracle | 1 Financial Services Revenue Management And Billing | 2026-02-26 | 6 Medium |
| Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L). | ||||
| CVE-2025-21587 | 2 Oracle, Redhat | 13 Graalvm, Graalvm For Jdk, Java Se and 10 more | 2026-02-26 | 7.4 High |
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). | ||||