Export limit exceeded: 362971 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362971 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362971 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1631 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20131 | 1 Cisco | 1 Secure Firewall Management Center | 2026-04-16 | 10 Critical |
| A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced. | ||||
| CVE-2026-20700 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-04-15 | 7.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report. | ||||
| CVE-2026-21510 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-15 | 8.8 High |
| Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-21514 | 1 Microsoft | 6 365 Apps, Office 2021, Office 2024 and 3 more | 2026-04-15 | 7.8 High |
| Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-22719 | 1 Vmware | 4 Aria Operations, Cloud Foundation, Telco Cloud Infrastructure and 1 more | 2026-04-15 | 8.1 High |
| VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001 Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001 | ||||
| CVE-2020-9715 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2026-04-14 | 7.8 High |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution . | ||||
| CVE-2023-36424 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2026-04-14 | 7.8 High |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||
| CVE-2023-21529 | 1 Microsoft | 1 Exchange Server | 2026-04-14 | 8.8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2026-3502 | 1 Trueconf | 1 Trueconf | 2026-04-03 | 7.8 High |
| TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user. | ||||
| CVE-2025-31277 | 2 Apple, Redhat | 16 Ios, Ipados, Iphone Os and 13 more | 2026-04-03 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption. | ||||
| CVE-2025-24201 | 3 Apple, Debian, Redhat | 13 Ipados, Iphone Os, Macos and 10 more | 2026-04-03 | 10 Critical |
| An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.). | ||||
| CVE-2024-44309 | 3 Apple, Debian, Redhat | 13 Ipad Os, Ipados, Iphone Os and 10 more | 2026-04-03 | 6.3 Medium |
| A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. | ||||
| CVE-2024-44308 | 3 Apple, Debian, Redhat | 8 Ipad Os, Ipados, Iphone Os and 5 more | 2026-04-03 | 8.8 High |
| The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. | ||||
| CVE-2024-23296 | 1 Apple | 7 Ipad Os, Ipados, Iphone Os and 4 more | 2026-04-03 | 7.8 High |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. | ||||
| CVE-2024-23225 | 1 Apple | 7 Ipad Os, Ipados, Iphone Os and 4 more | 2026-04-03 | 7.8 High |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. | ||||
| CVE-2024-23222 | 2 Apple, Redhat | 12 Ipados, Iphone Os, Macos and 9 more | 2026-04-03 | 8.8 High |
| A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version. | ||||
| CVE-2026-20963 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-04-02 | 9.8 Critical |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-53521 | 1 F5 | 2 Big-ip, Big-ip Access Policy Manager | 2026-03-31 | 9.8 Critical |
| When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-22515 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2026-03-25 | 9.8 Critical |
| Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. | ||||
| CVE-2026-3909 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-25 | 8.8 High |
| Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||