Export limit exceeded: 362578 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12572 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12572 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-50108 1 Oracle 1 Hyperion Financial Reporting 2026-02-26 5.4 Medium
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Workspace). The supported version that is affected is 11.2.20.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hyperion Financial Reporting accessible data as well as unauthorized read access to a subset of Oracle Hyperion Financial Reporting accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
CVE-2025-53028 1 Oracle 1 Vm Virtualbox 2026-02-26 8.2 High
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
CVE-2025-49746 1 Microsoft 1 Azure Machine Learning 2026-02-26 9.9 Critical
Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
CVE-2025-6556 1 Google 1 Chrome 2026-02-26 5.4 Medium
Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-6675 2 Drupal, Miniorange 2 Drupal, Miniorange 2fa 2026-02-26 4.8 Medium
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*.
CVE-2024-40653 1 Google 1 Android 2026-02-26 7.3 High
In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2025-53792 1 Microsoft 2 Azure, Azure Portal 2026-02-26 9.1 Critical
Azure Portal Elevation of Privilege Vulnerability
CVE-2025-26420 1 Google 1 Android 2026-02-26 4.4 Medium
In multiple functions of GrantPermissionsActivity.java , there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-26430 1 Google 1 Android 2026-02-26 7.8 High
In getDestinationForApp of SpaAppBridgeActivity, there is a possible cross-user file reveal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-26438 1 Google 1 Android 2026-02-26 8.8 High
In smp_process_secure_connection_oob_data of smp_act.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-53729 1 Microsoft 1 Azure File Sync 2026-02-26 7.8 High
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.
CVE-2025-24999 1 Microsoft 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more 2026-02-26 8.8 High
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-55244 1 Microsoft 3 Azure, Azure Ai Bot Service, Azure Bot Service 2026-02-26 9 Critical
Azure Bot Service Elevation of Privilege Vulnerability
CVE-2025-54914 1 Microsoft 2 Azure, Azure Networking 2026-02-26 10 Critical
Azure Networking Elevation of Privilege Vulnerability
CVE-2025-55241 1 Microsoft 2 Entra Id, Microsoft Entra Id 2026-02-26 10 Critical
Azure Entra ID Elevation of Privilege Vulnerability
CVE-2025-53778 1 Microsoft 29 Windows, Windows 10, Windows 10 1507 and 26 more 2026-02-26 8.8 High
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
CVE-2025-49707 1 Microsoft 33 Dcadsv5 Series Azure Vm, Dcasv5 Series Azure Vm, Dcedsv5 Series Azure Vm and 30 more 2026-02-26 7.9 High
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.
CVE-2025-49692 1 Microsoft 2 Azure, Azure Connected Machine Agent 2026-02-26 7.8 High
Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-54098 1 Microsoft 27 Windows, Windows 10, Windows 10 1507 and 24 more 2026-02-26 7.8 High
Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-55234 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-26 8.8 High
SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks: Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server Hardening—SMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures.