ReportizFlow
Filtered by vendor
Subscriptions
Total
2534 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59247 | 1 Microsoft | 2 Azure, Azure Playfab | 2026-02-14 | 8.8 High |
| Azure PlayFab Elevation of Privilege Vulnerability | ||||
| CVE-2026-21533 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-02-14 | 7.8 High |
| Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2024-50619 | 1 Cipplanner | 1 Cipace | 2026-02-14 | 8.8 High |
| Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privileged authenticated user can gain access to other people's accounts by tampering with the client's user id to change their account information. A low-privileged authenticated user can elevate his or her system privileges by modifying the information of a user role that is disabled in the client. | ||||
| CVE-2026-26010 | 1 Open-metadata | 1 Openmetadata | 2026-02-14 | 7.6 High |
| OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes in OpenMetadata instances, and potential data leakage (e.g. sample data, or service metadata which would be unavailable per roles/policies). This vulnerability is fixed in 1.11.8. | ||||
| CVE-2026-24894 | 1 Php | 1 Frankenphp | 2026-02-14 | N/A |
| FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $_SESSION data of the previous request (potentially belonging to a different user) before session_start() is called. This vulnerability is fixed in 1.11.2. | ||||
| CVE-2025-59514 | 1 Microsoft | 26 Windows 10, Windows 10 1607, Windows 10 1809 and 23 more | 2026-02-13 | 7.8 High |
| Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21223 | 1 Microsoft | 1 Edge Chromium | 2026-02-13 | 5.1 Medium |
| Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, causing the service to execute privileged update commands as LocalSystem. This allows a non‑administrator to enable or disable Windows Virtualization‑Based Security (VBS) by modifying protected system registry keys under HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard. Disabling VBS weakens critical platform protections such as Credential Guard, Hypervisor‑protected Code Integrity (HVCI), and the Secure Kernel, resulting in a security feature bypass. | ||||
| CVE-2025-21360 | 1 Microsoft | 1 Autoupdate | 2026-02-13 | 7.8 High |
| Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | ||||
| CVE-2025-21343 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 3 more | 2026-02-13 | 7.5 High |
| Windows Web Threat Defense User Service Information Disclosure Vulnerability | ||||
| CVE-2025-21287 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7.8 High |
| Windows Installer Elevation of Privilege Vulnerability | ||||
| CVE-2025-21199 | 1 Microsoft | 3 Azure Agent, Azure Agent For Backup, Azure Agent For Site Recovery | 2026-02-13 | 6.7 Medium |
| Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24070 | 2 Microsoft, Redhat | 4 Asp.net Core, Visual Studio 2022, Enterprise Linux and 1 more | 2026-02-13 | 7 High |
| Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-29800 | 1 Microsoft | 1 Autoupdate | 2026-02-13 | 7.8 High |
| Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-27468 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-02-13 | 7 High |
| Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29976 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-02-13 | 7.8 High |
| Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47955 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7.8 High |
| Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-33067 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-13 | 8.4 High |
| Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-49758 | 1 Microsoft | 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more | 2026-02-13 | 8.8 High |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-46310 | 1 Apple | 1 Macos | 2026-02-13 | 6 Medium |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An attacker with root privileges may be able to delete protected system files. | ||||
| CVE-2025-64487 | 1 Getoutline | 1 Outline | 2026-02-12 | 7.6 High |
| Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in 1.1.0. | ||||