ReportizFlow
Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
9185 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21344 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2026-02-25 | 7.8 High |
| Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2018-20029 | 3 Dokan-dev, Microsoft, Nomachine | 3 Dokany, Windows, Nomachine | 2026-02-25 | 5.5 Medium |
| The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read. | ||||
| CVE-2026-1769 | 2 Microsoft, Xerox | 2 Windows, Centreware Web | 2026-02-24 | 5.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software available on Xerox.com | ||||
| CVE-2026-2026 | 2 Microsoft, Tenable | 3 Windows, Agent, Nessus Agent | 2026-02-24 | 6.1 Medium |
| A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks. | ||||
| CVE-2022-22528 | 2 Microsoft, Sap | 2 Windows, Adaptive Server Enterprise | 2026-02-24 | 7.8 High |
| SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries. | ||||
| CVE-2022-1316 | 2 Microsoft, Zerotier | 2 Windows, Zerotierone | 2026-02-24 | 8.8 High |
| Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation | ||||
| CVE-2021-36958 | 1 Microsoft | 18 Windows, Windows 10 1507, Windows 10 1607 and 15 more | 2026-02-24 | 7.8 High |
| <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> | ||||
| CVE-2026-25766 | 2 Labstack, Microsoft | 2 Echo, Windows | 2026-02-23 | 5.3 Medium |
| Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s `middleware.Static` using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In `middleware/static.go`, the requested path is unescaped and normalized with `path.Clean` (URL semantics). `path.Clean` does not treat `\` as a path separator, so `..\` sequences remain in the cleaned path. The resulting path is then passed to `currentFS.Open(...)`. When the filesystem is left at the default (nil), Echo uses `defaultFS` which calls `os.Open` (`echo.go:792`). On Windows, `os.Open` treats `\` as a path separator and resolves `..\`, allowing traversal outside the static root. Version 5.0.3 fixes the issue. | ||||
| CVE-2026-21218 | 3 Apple, Linux, Microsoft | 4 Macos, Linux Kernel, .net and 1 more | 2026-02-23 | 7.5 High |
| Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2019-2390 | 2 Microsoft, Mongodb | 2 Windows, Mongodb | 2026-02-23 | 8.2 High |
| An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14 and MongoDB Server v3.4 prior to 3.4.22. | ||||
| CVE-2026-2441 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-23 | 8.8 High |
| Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-0213 | 2 M-files, Microsoft | 2 M-files, Windows | 2026-02-23 | 8.8 High |
| Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking. | ||||
| CVE-2025-59289 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 21h2 and 16 more | 2026-02-22 | 7 High |
| Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59278 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2026-02-22 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59275 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2026-02-22 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59261 | 1 Microsoft | 16 Graphics Component, Windows, Windows 11 and 13 more | 2026-02-22 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59253 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2026-02-22 | 5.5 Medium |
| Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally. | ||||
| CVE-2025-59230 | 1 Microsoft | 31 Remote, Windows, Windows 10 and 28 more | 2026-02-22 | 7.8 High |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59244 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2026-02-22 | 6.5 Medium |
| External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-59241 | 1 Microsoft | 6 Windows, Windows 11, Windows 11 24h2 and 3 more | 2026-02-22 | 7.8 High |
| Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally. | ||||