Export limit exceeded: 76324 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76324 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0407 | 1 Netgear | 8 Ex2800, Ex2800 Firmware, Ex3110 and 5 more | 2026-02-26 | 8.0 High |
| An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel. | ||||
| CVE-2026-0408 | 1 Netgear | 8 Ex2800, Ex2800 Firmware, Ex3110 and 5 more | 2026-02-26 | 8.0 High |
| A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI. | ||||
| CVE-2026-0404 | 1 Netgear | 24 Rbr750, Rbr750 Firmware, Rbr840 and 21 more | 2026-02-26 | 8.0 High |
| An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default. | ||||
| CVE-2025-25249 | 1 Fortinet | 3 Fortios, Fortisase, Fortiswitchmanager | 2026-02-26 | 7.4 High |
| A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets | ||||
| CVE-2025-62348 | 1 Salt Project | 1 Salt | 2026-02-26 | 7.8 High |
| Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process. | ||||
| CVE-2025-46685 | 1 Dell | 1 Supportassist Os Recovery | 2026-02-26 | 7.5 High |
| Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2026-0386 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2026-02-26 | 7.5 High |
| Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network. | ||||
| CVE-2025-36384 | 1 Ibm | 1 Db2 | 2026-02-26 | 8.4 High |
| IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element. | ||||
| CVE-2026-20803 | 1 Microsoft | 2 Sql Server 2022, Sql Server 2025 | 2026-02-26 | 7.2 High |
| Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-20965 | 1 Microsoft | 2 Azure Portal Windows Admin Center, Windows Admin Center | 2026-02-26 | 7.5 High |
| Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-36184 | 1 Ibm | 1 Db2 | 2026-02-26 | 7.2 High |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level. | ||||
| CVE-2026-20804 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-02-26 | 7.7 High |
| Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally. | ||||
| CVE-2026-20808 | 1 Microsoft | 7 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 4 more | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20809 | 1 Microsoft | 20 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 17 more | 2026-02-26 | 7.8 High |
| Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20810 | 1 Microsoft | 6 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 3 more | 2026-02-26 | 7.8 High |
| Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20408 | 2 Mediatek, Openwrt | 8 Mt6890, Mt7615, Mt7915 and 5 more | 2026-02-26 | 8.8 High |
| In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758. | ||||
| CVE-2026-20811 | 1 Microsoft | 10 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 7 more | 2026-02-26 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20409 | 3 Google, Mediatek, Mediatk | 4 Android, Mt6897, Mt6989 and 1 more | 2026-02-26 | 7.8 High |
| In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779. | ||||
| CVE-2026-20814 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20815 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 2 more | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally. | ||||