Search Results (367102 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-53704 1 Sonicwall 24 Nsa 2700, Nsa 3700, Nsa 4700 and 21 more 2026-02-26 8.2 High
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
CVE-2024-26006 1 Fortinet 2 Fortios, Fortiproxy 2026-02-26 6.9 Medium
An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via a malicious samba server.
CVE-2025-2000 1 Ibm 1 Qiskit 2026-02-26 9.8 Critical
A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of specially constructed payload.
CVE-2024-45643 2 Ibm, Linux 2 Security Qradar Edr, Linux Kernel 2026-02-26 5.9 Medium
IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.
CVE-2024-10630 1 Ivanti 2 Application Control, Security Controls 2026-02-26 7.8 High
A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality.
CVE-2024-46662 1 Fortinet 2 Fortimanager, Fortimanager Cloud 2026-02-26 8.3 High
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to escalation of privilege via specifically crafted packets
CVE-2024-10811 1 Ivanti 1 Endpoint Manager 2026-02-26 9.8 Critical
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
CVE-2024-13158 1 Ivanti 1 Endpoint Manager 2026-02-26 7.2 High
An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2025-30066 1 Tj-actions 1 Changed-files 2026-02-26 8.6 High
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)
CVE-2024-13172 1 Ivanti 1 Endpoint Manager 2026-02-26 7.8 High
Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
CVE-2024-54027 1 Fortinet 1 Fortisandbox 2026-02-26 7.8 High
A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access to read sensitive data via CLI.
CVE-2024-13171 1 Ivanti 1 Endpoint Manager 2026-02-26 7.8 High
Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
CVE-2021-22126 1 Fortinet 1 Fortiwlc 2026-02-26 6.5 Medium
A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password.
CVE-2024-13169 1 Ivanti 1 Endpoint Manager 2026-02-26 7.8 High
An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.
CVE-2024-48013 1 Dell 1 Smartfabric Os10 2026-02-26 8.8 High
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVE-2024-13164 1 Ivanti 1 Endpoint Manager 2026-02-26 7.8 High
An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.
CVE-2024-48830 1 Dell 1 Smartfabric Os10 2026-02-26 7.8 High
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
CVE-2024-13163 1 Ivanti 1 Endpoint Manager 2026-02-26 7.8 High
Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
CVE-2024-13162 1 Ivanti 1 Endpoint Manager 2026-02-26 7.2 High
SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.
CVE-2024-48015 1 Dell 1 Smartfabric Os10 2026-02-26 6.7 Medium
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.