Total
7056 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21297 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and 7 more | 2026-02-26 | 8.1 High |
| Windows Remote Desktop Services Remote Code Execution Vulnerability | ||||
| CVE-2025-21298 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-26 | 9.8 Critical |
| Windows OLE Remote Code Execution Vulnerability | ||||
| CVE-2025-21304 | 1 Microsoft | 8 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 5 more | 2026-02-26 | 7.8 High |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | ||||
| CVE-2025-21315 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 24h2, Windows Server 2022 23h2 and 2 more | 2026-02-26 | 7.8 High |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | ||||
| CVE-2025-21345 | 1 Microsoft | 6 365 Apps, Office, Office 2019 and 3 more | 2026-02-26 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2025-21362 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-02-26 | 8.4 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2025-21366 | 1 Microsoft | 8 365 Apps, Access, Access 2016 and 5 more | 2026-02-26 | 7.8 High |
| Microsoft Access Remote Code Execution Vulnerability | ||||
| CVE-2025-21335 | 1 Microsoft | 13 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 10 more | 2026-02-26 | 7.8 High |
| Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | ||||
| CVE-2025-21159 | 1 Adobe | 1 Illustrator | 2026-02-26 | 7.8 High |
| Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-21224 | 1 Microsoft | 14 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 11 more | 2026-02-26 | 8.1 High |
| Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | ||||
| CVE-2025-21372 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 24h2, Windows Server 2022 23h2 and 2 more | 2026-02-26 | 7.8 High |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | ||||
| CVE-2025-21334 | 1 Microsoft | 13 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 10 more | 2026-02-26 | 7.8 High |
| Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | ||||
| CVE-2025-21406 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-26 | 8.8 High |
| Windows Telephony Service Remote Code Execution Vulnerability | ||||
| CVE-2025-21367 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2026-02-26 | 7.8 High |
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | ||||
| CVE-2025-21386 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-02-26 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2025-21387 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-02-26 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2025-21392 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-02-26 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2025-21394 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-02-26 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2025-21397 | 1 Microsoft | 4 365 Apps, Office 2021, Office 2024 and 1 more | 2026-02-26 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2026-22980 | 1 Linux | 1 Linux Kernel | 2026-02-26 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: nfsd: provide locking for v4_end_grace Writing to v4_end_grace can race with server shutdown and result in memory being accessed after it was freed - reclaim_str_hashtbl in particularly. We cannot hold nfsd_mutex across the nfsd4_end_grace() call as that is held while client_tracking_op->init() is called and that can wait for an upcall to nfsdcltrack which can write to v4_end_grace, resulting in a deadlock. nfsd4_end_grace() is also called by the landromat work queue and this doesn't require locking as server shutdown will stop the work and wait for it before freeing anything that nfsd4_end_grace() might access. However, we must be sure that writing to v4_end_grace doesn't restart the work item after shutdown has already waited for it. For this we add a new flag protected with nn->client_lock. It is set only while it is safe to make client tracking calls, and v4_end_grace only schedules work while the flag is set with the spinlock held. So this patch adds a nfsd_net field "client_tracking_active" which is set as described. Another field "grace_end_forced", is set when v4_end_grace is written. After this is set, and providing client_tracking_active is set, the laundromat is scheduled. This "grace_end_forced" field bypasses other checks for whether the grace period has finished. This resolves a race which can result in use-after-free. | ||||