Export limit exceeded: 341845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7161 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15538 | 1 Assimp | 1 Assimp | 2026-02-23 | 5.3 Medium |
| A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128. | ||||
| CVE-2025-59224 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2026-02-22 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-59210 | 1 Microsoft | 8 Windows, Windows 11, Windows 11 24h2 and 5 more | 2026-02-22 | 7.4 High |
| Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | ||||
| CVE-2025-59189 | 1 Microsoft | 8 Windows, Windows 11, Windows 11 24h2 and 5 more | 2026-02-22 | 7.4 High |
| Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-53768 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2026-02-22 | 7.8 High |
| Use after free in Xbox allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59290 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 21h2 and 16 more | 2026-02-22 | 7.8 High |
| Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59195 | 1 Microsoft | 23 Graphics Component, Windows, Windows 10 and 20 more | 2026-02-22 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally. | ||||
| CVE-2025-55687 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2026-02-22 | 7.4 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-26203 | 1 Pjsip | 2 Pjmedia-video, Pjsip | 2026-02-20 | 6.5 Medium |
| PJSIP is a free and open source multimedia communication library. Versions prior to 2.17 have a critical heap buffer underflow vulnerability in PJSIP's H.264 packetizer. The bug occurs when processing malformed H.264 bitstreams without NAL unit start codes, where the packetizer performs unchecked pointer arithmetic that can read from memory located before the allocated buffer. Version 2.17 contains a patch for the issue. | ||||
| CVE-2026-25507 | 1 Espressif | 1 Esp-idf | 2026-02-20 | 6.3 Medium |
| ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a use-after-free vulnerability was reported in the BLE provisioning transport (protocomm_ble) layer. The issue can be triggered by a remote BLE client while the device is in provisioning mode. The vulnerability occurred when provisioning was stopped with keep_ble_on = true. In this configuration, internal protocomm_ble state and GATT metadata were freed while the BLE stack and GATT services remained active. Subsequent BLE read or write callbacks dereferenced freed memory, allowing a connected or newly connected client to trigger invalid memory acces. This issue has been patched in versions 5.5.3, 5.4.4, 5.3.5, 5.2.7, and 5.1.7. | ||||
| CVE-2025-47164 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-02-20 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54912 | 1 Microsoft | 28 Bitlocker, Windows, Windows 10 and 25 more | 2026-02-20 | 7.8 High |
| Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54911 | 1 Microsoft | 28 Bitlocker, Windows, Windows 10 and 25 more | 2026-02-20 | 7.3 High |
| Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54112 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-20 | 7 High |
| Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54103 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 21h2 and 15 more | 2026-02-20 | 7.4 High |
| Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-53807 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-02-20 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-32710 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2026-02-20 | 8.1 High |
| Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-54913 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-20 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54903 | 1 Microsoft | 15 365, 365 Apps, Excel and 12 more | 2026-02-20 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54111 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-20 | 7.8 High |
| Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally. | ||||