Search

Search Results (363851 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-27446 1 Apache 1 Apisix 2026-02-26 7.8 High
Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0. Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue.
CVE-2025-36014 1 Ibm 2 Integration Bus, Z\/os 2026-02-26 8.2 High
IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.
CVE-2025-27700 1 Google 1 Android 2026-02-26 8.4 High
There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-1351 1 Ibm 1 Storage Virtualize 2026-02-26 6.7 Medium
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.
CVE-2025-5063 1 Google 1 Chrome 2026-02-26 8.8 High
Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-20319 1 Splunk 2 Splunk, Splunk Enterprise 2026-02-26 6.8 Medium
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and `list_inputs` capability , could perform a remote command execution due to improper user input sanitization on the scripted input files.<br><br>See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Setting up a scripted input ](https://docs.splunk.com/Documentation/Splunk/9.4.2/AdvancedDev/ScriptSetup)for more information.
CVE-2025-5280 1 Google 1 Chrome 2026-02-26 8.8 High
Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-48927 1 Smarsh 1 Telemessage 2026-02-26 5.3 Medium
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.
CVE-2025-48928 1 Smarsh 1 Telemessage 2026-02-26 4 Medium
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.
CVE-2025-25251 1 Fortinet 1 Forticlient 2026-02-26 7.4 High
An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages.
CVE-2025-22252 1 Fortinet 3 Fortios, Fortiproxy, Fortiswitchmanager 2026-02-26 9 Critical
A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass.
CVE-2025-48734 2 Apache, Redhat 8 Commons Beanutils, Amq Streams, Apache Camel Spring Boot and 5 more 2026-02-26 8.8 High
Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default. Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty(). Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests. This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils 1.x are recommended to upgrade to version 1.11.0, which fixes the issue. Users of the artifact org.apache.commons:commons-beanutils2 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.
CVE-2025-3357 1 Ibm 1 Tivoli Monitoring 2026-02-26 9.8 Critical
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.
CVE-2025-2501 1 Lenovo 2 Pc Manager, Pcmanager 2026-02-26 7.8 High
An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
CVE-2025-20680 1 Mediatek 7 Mt7902, Mt7920, Mt7921 and 4 more 2026-02-26 9.8 Critical
In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418044; Issue ID: MSV-3482.
CVE-2025-2502 1 Lenovo 2 Pc Manager, Pcmanager 2026-02-26 7.8 High
An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
CVE-2025-20982 2 Samsung, Samsung Mobile 2 Android, Samsung Mobile Devices 2026-02-26 6.4 Medium
Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVE-2025-20983 1 Samsung 2 Android, Mobile 2026-02-26 6.4 Medium
Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVE-2025-21422 1 Qualcomm 443 Aqt1000, Aqt1000 Firmware, Ar8035 and 440 more 2026-02-26 7.1 High
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.
CVE-2025-21432 1 Qualcomm 493 Aqt1000, Aqt1000 Firmware, Ar8035 and 490 more 2026-02-26 7.8 High
Memory corruption while retrieving the CBOR data from TA.