Export limit exceeded: 351640 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18316 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18316 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-41246 | 2 Microsoft, Vmware | 2 Windows, Tools | 2026-04-15 | 7.6 High |
| VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX. | ||||
| CVE-2025-6181 | 2 Microsoft, Strongdm | 2 Windows, Sdm-cli | 2026-04-15 | N/A |
| The StrongDM Windows service incorrectly handled input validation. Authenticated attackers could potentially exploit this leading to privilege escalation. | ||||
| CVE-2025-57699 | 2 Microsoft, Western Digital | 2 Windows, Kitfox | 2026-04-15 | N/A |
| Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with the SYSTEM privilege. | ||||
| CVE-2025-59844 | 2 Microsoft, Sonarsource | 2 Windows, Sonarqube Scanner | 2026-04-15 | N/A |
| SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This vulnerability bypasses a previous security fix and allows arbitrary command execution, potentially leading to exposure of sensitive environment variables and compromise of the runner environment. The vulnerability has been fixed in version 6.0.0. Users should upgrade to this version or later. | ||||
| CVE-2025-9267 | 2 Microsoft, Seagate | 2 Windows, Toolkit | 2026-04-15 | N/A |
| In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory as the installer executable, leading to arbitrary code execution with the privileges of the user running the installer. The issue stems from the use of insecure DLL loading practices, such as relying on relative paths or failing to specify fully qualified paths when invoking system libraries. | ||||
| CVE-2025-12507 | 2 Bizerba, Microsoft | 2 Communication Server, Windows | 2026-04-15 | 8.8 High |
| The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed. | ||||
| CVE-2025-53947 | 2 Cognex, Microsoft | 3 In-sight Camera Firmware, In-sight Explorer, Windows | 2026-04-15 | 7.7 High |
| A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. A data folder is created with very weak privileges, allowing any user logged into the Windows system to modify its content. | ||||
| CVE-2022-50238 | 1 Microsoft | 1 Windows | 2026-04-15 | 7.4 High |
| The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded from the on-endpoint blocklist longer than the expected periodic monthly Windows updates. It is possible to fully synchronize the driver blocklist using WDAC policies. NOTE: The vendor explains that Windows Update provides a smaller, compatibility-focused driver blocklist for general users, while the full XML list is available for advanced users and organizations to customize at the risk of usability issues. | ||||
| CVE-2011-10028 | 2 Microsoft, Realnetworks | 3 Windows, Realarcade, Realarcade Installer | 2026-04-15 | N/A |
| The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation or restrictions. This platform was sometimes referred to or otherwise known as RealArcade or Arcade Games and has since consolidated with RealNetworks' platform, GameHouse. | ||||
| CVE-2025-58400 | 2 Microsoft, Ratocsystems | 2 Windows, Raid Monitoring Manager | 2026-04-15 | N/A |
| RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2025-64701 | 2 Microsoft, Qualitysoft | 2 Windows, Qnd | 2026-04-15 | N/A |
| QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to a Windows system with the affected product to gain administrator privileges. As a result, sensitive information may be accessed or altered, and arbitrary actions may be performed. | ||||
| CVE-2025-30075 | 2 Microsoft, Mindmanager | 2 Windows, Mindmanager | 2026-04-15 | 2.2 Low |
| In Alludo MindManager before 25.0.208 on Windows, attackers could potentially execute code as other local users on the same machine if they could write DLL files to directories within victims' DLL search paths. | ||||
| CVE-2025-4617 | 2 Microsoft, Paloaltonetworks | 2 Windows, Prisma Browser | 2026-04-15 | N/A |
| An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser. Browser self-protection should be enabled to mitigate this issue. | ||||
| CVE-2025-49459 | 3 Arm, Microsoft, Zoom | 5 Arm, Windows, Workplace and 2 more | 2026-04-15 | 7.8 High |
| Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2025-11535 | 2 Microsoft, Mongodb | 3 Windows, Connector For Bi, Mongodb | 2026-04-15 | N/A |
| MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories allows Privilege Escalation.This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24. | ||||
| CVE-2025-10639 | 2 Efficientlab, Microsoft | 2 Workexaminer Professional, Windows | 2026-04-15 | 8.8 High |
| The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to login to the FTP server and modify or read data, log files and gain remote code execution as NT Authority\SYSTEM on the server by exchanging accessible service binaries in the WorkExaminer installation directory (e.g. "C:\Program File (x86)\Work Examiner Professional Server"). | ||||
| CVE-2021-47828 | 2 Microsoft, Weird Solutions | 2 Windows, Bootpturbo | 2026-04-15 | 7.8 High |
| BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem privileges during system startup or reboot. | ||||
| CVE-2025-44002 | 2 Microsoft, Teamviewer | 3 Windows, Full Client, Host | 2026-04-15 | 6.1 Medium |
| Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during directory verification. | ||||
| CVE-2025-62577 | 5 Fsas Technologies, Linux, Microsoft and 2 more | 5 Eternus Sf, Linux, Windows Server and 2 more | 2026-04-15 | N/A |
| ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges. | ||||
| CVE-2025-29864 | 2 Estsoft, Microsoft | 2 Alzip, Windows | 2026-04-15 | N/A |
| Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass.This issue affects ALZip: from 12.01 before 12.29. | ||||