Export limit exceeded: 17782 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (17782 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-0648 | 1 Microsoft | 18 Windows 10, Windows 10 1607, Windows 10 1803 and 15 more | 2026-02-23 | 7.8 High |
| <p>An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p> <p>The security update addresses the vulnerability by correcting how the Windows RSoP Service Application handles memory.</p> | ||||
| CVE-2019-2390 | 2 Microsoft, Mongodb | 2 Windows, Mongodb | 2026-02-23 | 8.2 High |
| An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14 and MongoDB Server v3.4 prior to 3.4.22. | ||||
| CVE-2023-0213 | 2 M-files, Microsoft | 2 M-files, Windows | 2026-02-23 | 8.8 High |
| Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking. | ||||
| CVE-2025-59289 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 21h2 and 16 more | 2026-02-22 | 7 High |
| Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59278 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2026-02-22 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59275 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2026-02-22 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59261 | 1 Microsoft | 16 Graphics Component, Windows, Windows 11 and 13 more | 2026-02-22 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59260 | 1 Microsoft | 8 Server, Windows Server, Windows Server 2016 and 5 more | 2026-02-22 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59253 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2026-02-22 | 5.5 Medium |
| Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally. | ||||
| CVE-2025-59244 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2026-02-22 | 6.5 Medium |
| External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-59210 | 1 Microsoft | 8 Windows, Windows 11, Windows 11 24h2 and 5 more | 2026-02-22 | 7.4 High |
| Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | ||||
| CVE-2025-59209 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2026-02-22 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59208 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2026-02-22 | 7.1 High |
| Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-59205 | 1 Microsoft | 31 Graphics Component, Windows, Windows 10 and 28 more | 2026-02-22 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59203 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2026-02-22 | 5.5 Medium |
| Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59198 | 1 Microsoft | 31 Windows, Windows 10, Windows 10 1507 and 28 more | 2026-02-22 | 5 Medium |
| Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally. | ||||
| CVE-2025-59197 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2026-02-22 | 5.5 Medium |
| Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59194 | 1 Microsoft | 15 Windows, Windows 11, Windows 11 22h2 and 12 more | 2026-02-22 | 7 High |
| Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59191 | 1 Microsoft | 23 Connected Devices Platform Service, Windows, Windows 10 and 20 more | 2026-02-22 | 7.8 High |
| Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59190 | 1 Microsoft | 31 Windows, Windows 10, Windows 10 1507 and 28 more | 2026-02-22 | 5.5 Medium |
| Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally. | ||||