Total
4595 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64897 | 1 Adobe | 1 Coldfusion | 2026-02-26 | 5.6 Medium |
| ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized write access potentially resulting in denial of service. Exploitation of this issue requires user interaction. | ||||
| CVE-2025-64669 | 1 Microsoft | 1 Windows Admin Center | 2026-02-26 | 7.8 High |
| Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-64660 | 1 Microsoft | 1 Visual Studio Code | 2026-02-26 | 8 High |
| Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-3187 | 2 Feiyuchuixue, Szadmin | 2 Sz-boot-parent, Sz-boot-parent | 2026-02-26 | 6.3 Medium |
| A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this issue is some unknown functionality of the file /api/admin/sys-file/upload of the component API Endpoint. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used. Upgrading to version 1.3.3-beta can resolve this issue. The name of the patch is aefaabfd7527188bfba3c8c9eee17c316d094802. Upgrading the affected component is recommended. The project was informed beforehand and acted very professional: "We have introduced a whitelist restriction on the /api/admin/sys-file/upload endpoint via the oss.allowedExts and oss.allowedMimeTypes configuration options, allowing the specification of permitted file extensions and MIME types for uploads." | ||||
| CVE-2026-0386 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2026-02-26 | 7.5 High |
| Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network. | ||||
| CVE-2026-20843 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-02-26 | 7.8 High |
| Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20929 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-02-26 | 7.5 High |
| Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-20949 | 1 Microsoft | 6 365 Apps, Office 2021, Office 2024 and 3 more | 2026-02-26 | 7.8 High |
| Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-61973 | 1 Epic Games | 1 Epic Games Store | 2026-02-26 | 8.8 High |
| A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, which may result in unintended elevation of privileges. | ||||
| CVE-2023-24489 | 1 Citrix | 1 Sharefile Storage Zones Controller | 2026-02-26 | 9.8 Critical |
| A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. | ||||
| CVE-2026-21960 | 1 Oracle | 1 Applications Dba | 2026-02-26 | 6.5 Medium |
| Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2026-21982 | 1 Oracle | 1 Vm Virtualbox | 2026-02-26 | 7.5 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2026-21984 | 1 Oracle | 1 Vm Virtualbox | 2026-02-26 | 7.5 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2026-24304 | 1 Microsoft | 1 Azure Resource Manager | 2026-02-26 | 9.9 Critical |
| Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-23856 | 1 Dell | 1 Idrac Service Module | 2026-02-26 | 7.8 High |
| Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2023-23752 | 1 Joomla | 1 Joomla\! | 2026-02-26 | 5.3 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | ||||
| CVE-2026-2861 | 1 Foswiki | 1 Foswiki | 2026-02-26 | 5.3 Medium |
| A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended. | ||||
| CVE-2026-2849 | 1 Yeqifu | 1 Warehouse | 2026-02-26 | 5.4 Medium |
| A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\CacheController.java of the component Cache Sync Handler. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-2850 | 1 Yeqifu | 1 Warehouse | 2026-02-26 | 6.3 Medium |
| A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\CustomerController.java of the component Customer Endpoint. Performing a manipulation results in improper access controls. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-2851 | 1 Yeqifu | 1 Warehouse | 2026-02-26 | 6.3 Medium |
| A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\InportController.java of the component Inport Endpoint. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet. | ||||