Search

Search Results (363855 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-20236 1 Cisco 1 Webex Teams 2026-02-26 8.8 High
A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link. An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user.
CVE-2025-32433 3 Cisco, Debian, Erlang 37 Cloud Native Broadband Network Gateway, Confd Basic, Enterprise Nfv Infrastructure Software and 34 more 2026-02-26 10 Critical
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
CVE-2025-26477 1 Dell 2 Elastic Cloud Storage, Objectscale 2026-02-26 4.3 Medium
Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
CVE-2025-43012 1 Jetbrains 1 Toolbox 2026-02-26 8.3 High
In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible
CVE-2025-2947 1 Ibm 1 I 2026-02-26 7.2 High
IBM i 7.6  contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command.  A malicious actor can use the command to elevate privileges to gain root access to the host operating system.
CVE-2025-26646 4 Apple, Linux, Microsoft and 1 more 9 Macos, Linux Kernel, .net and 6 more 2026-02-26 8 High
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
CVE-2025-42599 1 Qualitia 1 Active\! Mail 2026-02-26 9.8 Critical
Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.
CVE-2024-24780 1 Apache 1 Iotdb 2026-02-26 9.8 Critical
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue.
CVE-2025-1697 1 Hp 1 Touchpoint Analytics Service 2026-02-26 7.8 High
A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. This vulnerability could potentially allow a local attacker to escalate privileges. HP is providing software updates to mitigate this potential vulnerability.
CVE-2025-30663 1 Zoom 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more 2026-02-26 8.8 High
Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2025-1731 1 Zyxel 9 Uos, Usg Flex 100h, Usg Flex 100hp and 6 more 2026-02-26 7.8 High
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token. Modifying the system configuration is only possible if the administrator has not logged out and the token remains valid.
CVE-2025-30664 1 Zoom 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more 2026-02-26 6.6 Medium
Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2025-1732 1 Zyxel 9 Uos, Usg Flex 100h, Usg Flex 100hp and 6 more 2026-02-26 6.7 Medium
An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.
CVE-2025-1950 1 Ibm 2 Hardware Management Console, Power Hardware Management Console 2026-02-26 9.3 Critical
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.
CVE-2025-1951 1 Ibm 2 Hardware Management Console, Power Hardware Management Console 2026-02-26 8.4 High
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.
CVE-2025-47161 1 Microsoft 1 Defender For Endpoint 2026-02-26 7.8 High
Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
CVE-2025-23249 4 Apple, Linux, Microsoft and 1 more 4 Macos, Linux Kernel, Windows and 1 more 2026-02-26 7.6 High
NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.
CVE-2025-4802 2 Gnu, Redhat 7 Glibc, Discovery, Enterprise Linux and 4 more 2026-02-26 7.8 High
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
CVE-2025-23250 4 Apple, Linux, Microsoft and 1 more 4 Macos, Linux Kernel, Windows and 1 more 2026-02-26 7.6 High
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering.
CVE-2025-33103 1 Ibm 1 I 2026-02-26 8.5 High
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system.