Export limit exceeded: 23473 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23473 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20965 | 1 Microsoft | 2 Azure Portal Windows Admin Center, Windows Admin Center | 2026-04-01 | 7.5 High |
| Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20803 | 1 Microsoft | 2 Sql Server 2022, Sql Server 2025 | 2026-04-01 | 7.2 High |
| Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-0386 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2026-04-01 | 7.5 High |
| Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network. | ||||
| CVE-2026-21265 | 1 Microsoft | 20 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 17 more | 2026-04-01 | 6.4 Medium |
| Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes related to Windows boot manager or Secure Boot. The operating system’s certificate update protection mechanism relies on firmware components that might contain defects, which can cause certificate trust updates to fail or behave unpredictably. This leads to potential disruption of the Secure Boot trust chain and requires careful validation and deployment to restore intended security guarantees. Certificate Authority (CA) Location Purpose Expiration Date Microsoft Corporation KEK CA 2011 KEK Signs updates to the DB and DBX 06/24/2026 Microsoft Corporation UEFI CA 2011 DB Signs 3rd party boot loaders, Option ROMs, etc. 06/27/2026 Microsoft Windows Production PCA 2011 DB Signs the Windows Boot Manager 10/19/2026 For more information see this CVE and Windows Secure Boot certificate expiration and CA updates. | ||||
| CVE-2026-20962 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-04-01 | 4.4 Medium |
| Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-27309 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2026-03-31 | 7.8 High |
| Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-14790 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2026-03-30 | 6.5 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials. | ||||
| CVE-2026-1561 | 4 Apple, Ibm, Linux and 1 more | 7 Macos, Aix, I and 4 more | 2026-03-30 | 5.4 Medium |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2025-14915 | 4 Apple, Ibm, Linux and 1 more | 8 Macos, Aix, I and 5 more | 2026-03-30 | 6.5 Medium |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server. | ||||
| CVE-2025-14917 | 4 Apple, Ibm, Linux and 1 more | 8 Macos, Aix, I and 5 more | 2026-03-30 | 6.7 Medium |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings. | ||||
| CVE-2026-21513 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-30 | 8.8 High |
| Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-21525 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-30 | 6.2 Medium |
| Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. | ||||
| CVE-2026-21533 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-30 | 7.8 High |
| Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26137 | 1 Microsoft | 3 365 Copilot Business Chat, 365 Copilot Chat, Exchange Online | 2026-03-29 | 9.9 Critical |
| Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-23667 | 1 Microsoft | 14 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 11 more | 2026-03-29 | 7 High |
| Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23669 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-29 | 8.8 High |
| Use after free in RPC Runtime allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-23671 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-03-29 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-23672 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-29 | 7.8 High |
| Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | ||||
| CVE-2026-23673 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-03-29 | 7.8 High |
| Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24282 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 12 more | 2026-03-29 | 5.5 Medium |
| Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally. | ||||