Total
29817 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-26117 | 1 Microsoft | 1 Arc Enabled Servers Azure Connected Machine Agent | 2026-03-13 | N/A | 7.8 HIGH |
| Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-26113 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2026-03-13 | N/A | 8.4 HIGH |
| Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-26112 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2026-03-13 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-3796 | 1 Qianxin | 1 Qax Internet Control Gateway | 2026-03-10 | 4.3 MEDIUM | 5.3 MEDIUM |
| A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter Driver. Executing a manipulation can lead to improper access controls. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-47565 | 1 Siemens | 1 Sinec Security Monitor | 2026-03-10 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate that user input complies with a list of allowed values. This could allow an authenticated remote attacker to compromise the integrity of the configuration of the affected application. | |||||
| CVE-2025-46691 | 1 Dell | 1 Premiercolor | 2026-03-09 | N/A | 7.8 HIGH |
| Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | |||||
| CVE-2025-7016 | 1 Akinsoft | 1 Qr Menu | 2026-03-09 | N/A | 8.0 HIGH |
| Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Authentication Abuse.This issue affects QR Menu: before s1.05.12. | |||||
| CVE-1999-0073 | 2 Digital, Sgi | 3 Osf 1, Unix, Irix | 2026-03-08 | 10.0 HIGH | N/A |
| Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access. | |||||
| CVE-2026-29086 | 1 Hono | 1 Hono | 2026-03-06 | N/A | 5.4 MEDIUM |
| Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\r), or newline characters (\n) in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if untrusted input was passed into these fields. This issue has been patched in version 4.12.4. | |||||
| CVE-2026-1680 | 1 Danofficeit | 1 Local Admin Service | 2026-03-03 | N/A | 7.8 HIGH |
| Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group membership restrictions. | |||||
| CVE-2022-50539 | 1 Linux | 1 Linux Kernel | 2026-02-26 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix refcount leak bug In omap4_sram_init(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. | |||||
| CVE-2025-71150 | 1 Linux | 1 Linux Kernel | 2026-02-26 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2_SESSION_VALID, It indicates that no valid session was found, but it is missing to decrement the reference count acquired by the session lookup, which results in a reference count leak. This patch fixes the issue by explicitly calling ksmbd_user_session_put to release the reference to the session. | |||||
| CVE-2025-71145 | 1 Linux | 1 Linux Kernel | 2026-02-26 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF device reference imbalance A recent change fixing a device reference leak in a UDC driver introduced a potential use-after-free in the non-OF case as the isp1301_get_client() helper only increases the reference count for the returned I2C device in the OF case. Increment the reference count also for non-OF so that the caller can decrement it unconditionally. Note that this is inherently racy just as using the returned I2C device is since nothing is preventing the PHY driver from being unbound while in use. | |||||
| CVE-2026-22994 | 1 Linux | 1 Linux Kernel | 2026-02-26 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference count leak in bpf_prog_test_run_xdp() syzbot is reporting unregister_netdevice: waiting for sit0 to become free. Usage count = 2 problem. A debug printk() patch found that a refcount is obtained at xdp_convert_md_to_buff() from bpf_prog_test_run_xdp(). According to commit ec94670fcb3b ("bpf: Support specifying ingress via xdp_md context in BPF_PROG_TEST_RUN"), the refcount obtained by xdp_convert_md_to_buff() will be released by xdp_convert_buff_to_md(). Therefore, we can consider that the error handling path introduced by commit 1c1949982524 ("bpf: introduce frags support to bpf_prog_test_run_xdp()") forgot to call xdp_convert_buff_to_md(). | |||||
| CVE-2025-68351 | 1 Linux | 1 Linux Kernel | 2026-02-26 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: exfat: fix refcount leak in exfat_find Fix refcount leaks in `exfat_find` related to `exfat_get_dentry_set`. Function `exfat_get_dentry_set` would increase the reference counter of `es->bh` on success. Therefore, `exfat_put_dentry_set` must be called after `exfat_get_dentry_set` to ensure refcount consistency. This patch relocate two checks to avoid possible leaks. | |||||
| CVE-2024-1709 | 1 Connectwise | 1 Screenconnect | 2026-02-26 | N/A | 10.0 CRITICAL |
| ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. | |||||
| CVE-2023-24489 | 1 Citrix | 1 Sharefile Storage Zones Controller | 2026-02-26 | N/A | 9.8 CRITICAL |
| A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. | |||||
| CVE-2026-24443 | 1 Netikus | 1 Eventsentry | 2026-02-26 | N/A | 8.8 HIGH |
| EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker who gains temporary access to an authenticated user session can change the account password without knowledge of the original credentials. This enables persistent account takeover and, if administrative accounts are affected, may result in privilege escalation. | |||||
| CVE-2024-7557 | 1 Redhat | 2 Openshift Ai, Openshift Data Science | 2026-02-25 | N/A | 8.8 HIGH |
| A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources. | |||||
| CVE-2023-46813 | 1 Linux | 1 Linux Kernel | 2026-02-25 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it. | |||||