Total: 6982 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22414 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-36326 | 1 Amd | 3 Ryzen, Ryzen 7040, Ryzen Ai 300 | 2026-02-26 | 8.4 High |
| Missing authorization in AMD ROMArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and integrity. | ||||
| CVE-2025-42912 | 1 Sap | 1 Fiori | 2026-02-26 | 6.5 Medium |
| SAP HCM My Timesheet Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected. | ||||
| CVE-2025-42913 | 1 Sap | 1 Fiori | 2026-02-26 | 3.1 Low |
| Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiality and availability are not impacted. | ||||
| CVE-2025-42914 | 1 Sap | 1 Fiori | 2026-02-26 | 3.1 Low |
| Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiality and availability are not impacted. | ||||
| CVE-2025-42917 | 1 Sap | 1 Fiori | 2026-02-26 | 6.5 Medium |
| SAP HCM Approve Timesheets Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected. | ||||
| CVE-2025-55145 | 1 Ivanti | 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more | 2026-02-26 | 8.9 High |
| Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker to hijack existing HTML5 connections. | ||||
| CVE-2025-55141 | 1 Ivanti | 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more | 2026-02-26 | 8.8 High |
| Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings. | ||||
| CVE-2025-55142 | 1 Ivanti | 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more | 2026-02-26 | 8.8 High |
| Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings. | ||||
| CVE-2025-49459 | 3 Arm, Microsoft, Zoom | 5 Arm, Windows, Workplace and 2 more | 2026-02-26 | 7.8 High |
| Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2025-43286 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2026-02-26 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to break out of its sandbox. | ||||
| CVE-2025-43316 | 1 Apple | 2 Macos, Visionos | 2026-02-26 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26. A malicious app may be able to gain root privileges. | ||||
| CVE-2025-43341 | 1 Apple | 3 Macos, Macos Sonoma, Macos Tahoe | 2026-02-26 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8. An app may be able to gain root privileges. | ||||
| CVE-2025-43358 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2026-02-26 | 8.8 High |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7. A shortcut may be able to bypass sandbox restrictions. | ||||
| CVE-2025-43329 | 1 Apple | 6 Ios, Ipados, Iphone Os and 3 more | 2026-02-26 | 8.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 26, iOS 26 and iPadOS 26, watchOS 26. An app may be able to break out of its sandbox. | ||||
| CVE-2025-4046 | 1 Lexmark | 1 Cloud Services | 2026-02-26 | 8.5 High |
| A missing authorization vulnerability in Lexmark Cloud Services badge management allows an attacker to reassign badges within their organization. | ||||
| CVE-2025-20362 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense, Firepower Threat Defense Software | 2026-02-26 | 6.5 Medium |
| Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. Cisco strongly recommends that all customers upgrade to the fixed software releases that are listed in the Fixed Software section of this advisory. A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication. | ||||
| CVE-2025-10871 | 1 Gitlab | 1 Gitlab | 2026-02-26 | 3.8 Low |
| An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves elevated privileges. | ||||
| CVE-2025-58334 | 1 Jetbrains | 1 Ide Services | 2026-02-26 | 8.1 High |
| In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign a high-privileged role to themselves. | ||||
| CVE-2025-36367 | 1 Ibm | 1 I | 2026-02-26 | 8.8 High |
| IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system. | ||||