Export limit exceeded: 343518 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (654 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1181 | 1 Microsoft | 16 Remote Desktop, Windows 10, Windows 10 1507 and 13 more | 2026-02-20 | 9.8 Critical |
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. | ||||
| CVE-2019-0736 | 1 Microsoft | 15 Windows 10, Windows 10 1507, Windows 10 1607 and 12 more | 2026-02-20 | 9.8 Critical |
| A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client. The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses. | ||||
| CVE-2025-55232 | 1 Microsoft | 2 Hpc Pack, Microsoft Hpc Pack 2019 | 2026-02-20 | 9.8 Critical |
| Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-25592 | 1 Microsoft | 1 Semantic-kernel | 2026-02-19 | 10 Critical |
| Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in Microsoft.SemanticKernel.Core version 1.71.0. As a mitigation, users can create a Function Invocation Filter which checks the arguments being passed to any calls to DownloadFileAsync or UploadFileAsync and ensures the provided localFilePath is allow listed. | ||||
| CVE-2025-21311 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 24h2, Windows Server 2022 23h2 and 2 more | 2026-02-13 | 9.8 Critical |
| Windows NTLM V1 Elevation of Privilege Vulnerability | ||||
| CVE-2025-21307 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 9.8 Critical |
| Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | ||||
| CVE-2025-47733 | 1 Microsoft | 2 Power Apps, Power Pages | 2026-02-13 | 9.1 Critical |
| Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network | ||||
| CVE-2025-29827 | 1 Microsoft | 1 Azure Automation | 2026-02-13 | 9.9 Critical |
| Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-30387 | 1 Microsoft | 1 Azure Ai Document Intelligence Studio | 2026-02-13 | 9.8 Critical |
| Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-47981 | 1 Microsoft | 26 Windows, Windows 10, Windows 10 1507 and 23 more | 2026-02-13 | 9.8 Critical |
| Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-53766 | 1 Microsoft | 29 Gdi+, Gdiplus, Office and 26 more | 2026-02-13 | 9.8 Critical |
| Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-50171 | 1 Microsoft | 12 Server, Windows, Windows 10 21h2 and 9 more | 2026-02-13 | 9.1 Critical |
| Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2024-43468 | 1 Microsoft | 4 Configuration Manager, Configuration Manager 2403, Configuration Manager 2409 and 1 more | 2026-02-13 | 9.8 Critical |
| Microsoft Configuration Manager Remote Code Execution Vulnerability | ||||
| CVE-2024-38164 | 1 Microsoft | 1 Groupme | 2026-02-10 | 9.6 Critical |
| An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. | ||||
| CVE-2024-38076 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2026-02-10 | 9.8 Critical |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | ||||
| CVE-2024-38074 | 1 Microsoft | 9 Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and 6 more | 2026-02-10 | 9.8 Critical |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | ||||
| CVE-2024-38182 | 1 Microsoft | 1 Dynamics 365 | 2026-02-10 | 9 Critical |
| Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. | ||||
| CVE-2024-38077 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2026-02-10 | 9.8 Critical |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | ||||
| CVE-2024-37385 | 2 Microsoft, Roundcube | 3 Windows, Roundcube Webmail, Webmail | 2026-02-06 | 9.8 Critical |
| Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641. | ||||
| CVE-2026-0907 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | 9.8 Critical |
| Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||