Total CVEs

142,250

Critical Severity

3,947

High Severity

14,209

Last 7 Days

1,910
Quick preset (or use dates below)
Clear Filters
Showing 12,081 - 12,100 of 14,674 CVEs
CVE-2026-21261 MEDIUM - 5.5

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: 365_apps
Published: Feb 10, 2026
Source: NVD
CVE-2026-21258 MEDIUM - 5.5

Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Vendor: microsoft
Product: 365_apps
Published: Feb 10, 2026
Source: NVD
CVE-2026-21222 MEDIUM - 5.5

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

Vendor: microsoft
Product: windows_10_1607
Published: Feb 10, 2026
Source: NVD
CVE-2026-1997 MEDIUM - 5.3

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedd...

Vendor: hp
Product: m9l65a_firmware
Published: Feb 10, 2026
Source: NVD
CVE-2026-0653 MEDIUM - 6.5

On TP-Link Tapo C260 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration parameters wit...

Vendor: tp-link
Product: tapo_c260_firmware
Published: Feb 10, 2026
Source: NVD
CVE-2026-25530 MEDIUM - 4.3

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50.

Vendor: kanboard
Product: kanboard
Published: Feb 10, 2026
Source: NVD
CVE-2026-24885 MEDIUM - 5.7

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the cha...

Vendor: kanboard
Product: kanboard
Published: Feb 10, 2026
Source: NVD
CVE-2025-36522 MEDIUM - 6.7

Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privil...

Product: Intel(R) Chipset Software
Published: Feb 10, 2026
Source: NVD
CVE-2025-36511 MEDIUM - 6.7

Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This res...

Product: Intel(R) Memory and Storage Tool
Published: Feb 10, 2026
Source: NVD
CVE-2025-35999 MEDIUM - 6.7

Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privi...

Product: System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based
Published: Feb 10, 2026
Source: NVD
CVE-2025-35992 MEDIUM - 4.7

Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur via ...

Product: Intel(R) NPU Drivers
Published: Feb 10, 2026
Source: NVD
CVE-2025-32735 MEDIUM - 5.5

Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via l...

Product: Intel(R) NPU Drivers
Published: Feb 10, 2026
Source: NVD
CVE-2025-32467 MEDIUM - 4.1

Use of uninitialized variable for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when ...

Product: TDX Module
Published: Feb 10, 2026
Source: NVD
CVE-2025-32453 MEDIUM - 6.7

Incorrect default permissions for some Intel(R) Graphics Driver software within Ring 2: Privileged Process may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may poten...

Product: Intel(R) Graphics Driver software
Published: Feb 10, 2026
Source: NVD
CVE-2025-32452 MEDIUM - 6.7

Uncontrolled search path for some AI Playground before version 2.6.1 beta within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may poten...

Product: AI Playground
Published: Feb 10, 2026
Source: NVD
CVE-2025-32092 MEDIUM - 6.7

Insecure inherited permissions for some Intel(R) Graphics Software before version 25.30.1702.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. ...

Product: Intel(R) Graphics Software
Published: Feb 10, 2026
Source: NVD
CVE-2025-32007 MEDIUM - 4.4

Out-of-bounds read for some TDX before version tdx module 1.5.24 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attack r...

Product: TDX
Published: Feb 10, 2026
Source: NVD
CVE-2025-32003 MEDIUM - 6.5

Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service. Network adversary with an authenticated user combined with a low complexity attack may enable denial of service...

Product: 100GbE Intel(R) Ethernet Network Adapter E810
Published: Feb 10, 2026
Source: NVD
CVE-2025-31944 MEDIUM - 5.3

Race condition for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow a denial of service. Authorized adversary with a privileged user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requiremen...

Product: TDX Module
Published: Feb 10, 2026
Source: NVD
CVE-2025-31655 MEDIUM - 6.7

Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may po...

Product: Intel(R) Battery Life Diagnostic Tool
Published: Feb 10, 2026
Source: NVD