Export limit exceeded: 361620 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2561 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59887 | 1 Eaton | 1 Ups Companion | 2026-02-18 | 8.6 High |
| Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center. | ||||
| CVE-2025-21399 | 1 Microsoft | 3 Edge, Edge Update, Edge Update Setup | 2026-02-13 | 7.4 High |
| Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability | ||||
| CVE-2025-24039 | 1 Microsoft | 1 Visual Studio Code | 2026-02-13 | 7.3 High |
| Visual Studio Code Elevation of Privilege Vulnerability | ||||
| CVE-2025-21206 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2026-02-13 | 7.3 High |
| Visual Studio Installer Elevation of Privilege Vulnerability | ||||
| CVE-2025-26631 | 1 Microsoft | 1 Visual Studio Code | 2026-02-13 | 7.3 High |
| Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-25003 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2026-02-13 | 7.3 High |
| Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24998 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2026-02-13 | 7.3 High |
| Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29802 | 1 Microsoft | 1 Visual Studio 2022 | 2026-02-13 | 7.3 High |
| Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29803 | 1 Microsoft | 7 .vsta Sdk, Sql Server Management Studio, Visual Studio Tools For Applications and 4 more | 2026-02-13 | 7.3 High |
| Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29817 | 1 Microsoft | 1 Power Automate For Desktop | 2026-02-13 | 5.7 Medium |
| Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-27743 | 1 Microsoft | 20 System Center Data Protection Manager, System Center Data Protection Manager 2019, System Center Data Protection Manager 2022 and 17 more | 2026-02-13 | 7.8 High |
| Untrusted search path in System Center allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-52024 | 1 Aptsys | 2 Gemscms Backend, Pos Platform Web Services | 2026-02-11 | 9.4 Critical |
| A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services, each with an HTML form for submitting test input. These panels are intended for developer use, but are accessible in production environments with no authentication or session validation. This grants any external actor the ability to discover, test, and execute API endpoints that perform critical functions including but not limited to user transaction retrieval, credit adjustments, POS actions, and internal data queries. | ||||
| CVE-2025-15321 | 1 Tanium | 1 Tanos | 2026-02-10 | 2.7 Low |
| Tanium addressed an improper input validation vulnerability in Tanium Appliance. | ||||
| CVE-2023-22841 | 1 Intel | 2 C621a, Server Firmware Update Utility | 2026-02-10 | 6.7 Medium |
| Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-36928 | 1 Brother | 1 Bragent | 2026-02-09 | 7.8 High |
| Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions. | ||||
| CVE-2020-36929 | 1 Brother | 1 Brprint Auditor | 2026-02-09 | 7.8 High |
| Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject malicious executables and escalate privileges on the system. | ||||
| CVE-2024-10930 | 1 Carrier | 1 Block Load | 2026-02-05 | 7.8 High |
| An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges. | ||||
| CVE-2025-20094 | 1 Hummingheads | 1 Defense Platform | 2026-02-04 | N/A |
| Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary code may be executed with SYSTEM privilege. | ||||
| CVE-2025-22894 | 1 Hummingheads | 1 Defense Platform | 2026-02-04 | 8.8 High |
| Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary files in the system may be altered. As a result, an arbitrary DLL may be executed with SYSTEM privilege. | ||||
| CVE-2022-50933 | 1 Malavida | 2 Cain \& Abel, Cain And Abel | 2026-02-02 | 7.8 High |
| Cain & Abel 4.9.56 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions. | ||||