Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 17717 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (17717 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29373 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-08 | 8.8 High |
| Microsoft ODBC Driver Remote Code Execution Vulnerability | ||||
| CVE-2023-32008 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-04-08 | 7.8 High |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | ||||
| CVE-2023-32011 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-04-08 | 7.5 High |
| Windows iSCSI Discovery Service Denial of Service Vulnerability | ||||
| CVE-2023-32014 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-04-08 | 9.8 Critical |
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | ||||
| CVE-2023-24937 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more | 2025-04-08 | 6.5 Medium |
| Windows CryptoAPI Denial of Service Vulnerability | ||||
| CVE-2023-24938 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more | 2025-04-08 | 6.5 Medium |
| Windows CryptoAPI Denial of Service Vulnerability | ||||
| CVE-2023-29346 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-04-08 | 7.8 High |
| NTFS Elevation of Privilege Vulnerability | ||||
| CVE-2023-29351 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-04-08 | 8.1 High |
| Windows Group Policy Elevation of Privilege Vulnerability | ||||
| CVE-2023-29358 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-04-08 | 7.8 High |
| Windows GDI Elevation of Privilege Vulnerability | ||||
| CVE-2023-29359 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-04-08 | 7.8 High |
| GDI Elevation of Privilege Vulnerability | ||||
| CVE-2023-29361 | 1 Microsoft | 9 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-04-08 | 7 High |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ||||
| CVE-2023-29363 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-04-08 | 9.8 Critical |
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | ||||
| CVE-2023-22947 | 2 Microsoft, Shibboleth | 2 Windows, Service Provider | 2025-04-07 | 7.3 High |
| Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake." | ||||
| CVE-2018-0878 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-04 | 3.1 Low |
| Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability". | ||||
| CVE-2022-48191 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2025-04-03 | 7 High |
| A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system. | ||||
| CVE-2023-22863 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2025-04-03 | 5.9 Medium |
| IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109. | ||||
| CVE-2023-22594 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2025-04-03 | 4.6 Medium |
| IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075. | ||||
| CVE-2021-26642 | 2 Microsoft, Xpressengine | 2 Windows, Xpressengine | 2025-04-03 | 8.8 High |
| When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running. | ||||
| CVE-2021-26644 | 2 Mangboard, Microsoft | 2 Mangboard Wp, Windows | 2025-04-03 | 8.8 High |
| SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running. | ||||
| CVE-2024-12672 | 2 Microsoft, Rockwellautomation | 2 Windows, Arena | 2025-04-03 | 7.3 High |
| A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | ||||