Total
4579 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2668 | 1 Rongzhitong | 1 Visual Integrated Command And Dispatch Platform | 2026-02-26 | 7.3 High |
| A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2669 | 1 Rongzhitong | 1 Visual Integrated Command And Dispatch Platform | 2026-02-26 | 6.5 Medium |
| A vulnerability was determined in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This impacts an unknown function of the file /dm/dispatch/user/delete of the component User Handler. This manipulation of the argument ID causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-63409 | 2 Gcom, Gcomtw | 3 Epon 1ge C00r371v00b01, Gcom Epon 1ge, Gcom Epon 1ge Firmware | 2026-02-26 | 8.8 High |
| Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials. | ||||
| CVE-2021-22126 | 1 Fortinet | 1 Fortiwlc | 2026-02-26 | 6.5 Medium |
| A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password. | ||||
| CVE-2023-47539 | 1 Fortinet | 1 Fortimail | 2026-02-26 | 9 Critical |
| An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request. | ||||
| CVE-2025-21293 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-02-26 | 8.8 High |
| Active Directory Domain Services Elevation of Privilege Vulnerability | ||||
| CVE-2025-20229 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2026-02-26 | 8 High |
| In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks. | ||||
| CVE-2025-24411 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-02-26 | 8.1 High |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access affecting Confidentiality and Integrity. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-23083 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2026-02-26 | N/A |
| With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23. | ||||
| CVE-2025-21359 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2026-02-26 | 7.8 High |
| Windows Kernel Security Feature Bypass Vulnerability | ||||
| CVE-2025-24042 | 1 Microsoft | 2 Visual Studio Code, Vscode-js-debug | 2026-02-26 | 7.3 High |
| Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability | ||||
| CVE-2024-37355 | 2026-02-26 | 8.8 High | ||
| Improper access control in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2026-26328 | 1 Openclaw | 2 Clawdbot, Openclaw | 2026-02-26 | 6.5 Medium |
| OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage `groupPolicy=allowlist`, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Version 2026.2.14 fixes the issue. | ||||
| CVE-2024-49842 | 1 Qualcomm | 358 Aqt1000, Aqt1000 Firmware, Ar8035 and 355 more | 2026-02-26 | 7.8 High |
| Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. | ||||
| CVE-2025-21469 | 1 Qualcomm | 40 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 37 more | 2026-02-26 | 7.8 High |
| Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call. | ||||
| CVE-2025-21470 | 1 Qualcomm | 66 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 63 more | 2026-02-26 | 7.8 High |
| Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter. | ||||
| CVE-2025-21425 | 1 Qualcomm | 67 Qam8255p, Qam8255p Firmware, Qam8295p and 64 more | 2026-02-26 | 7.3 High |
| Memory corruption may occur due top improper access control in HAB process. | ||||
| CVE-2025-31258 | 1 Apple | 1 Macos | 2026-02-26 | 6.5 Medium |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox. | ||||
| CVE-2025-29973 | 1 Microsoft | 1 Azure File Sync | 2026-02-26 | 7 High |
| Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-30288 | 1 Adobe | 1 Coldfusion | 2026-02-26 | 8.2 High |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed. | ||||