Search

Search Results (363761 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-53770 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-02-26 9.8 Critical
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
CVE-2025-6555 1 Google 1 Chrome 2026-02-26 5.4 Medium
Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-32744 1 Dell 1 Appsync 2026-02-26 6.6 Medium
Dell AppSync, version(s) 4.6.0.0, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.
CVE-2025-6556 1 Google 1 Chrome 2026-02-26 5.4 Medium
Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-38352 2 Debian, Linux 2 Debian Linux, Linux Kernel 2026-02-26 7.4 High
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.
CVE-2025-6557 2 Google, Microsoft 2 Chrome, Windows 2026-02-26 5.4 Medium
Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-7427 1 Arm 1 Arm Development Studio 2026-02-26 5.9 Medium
Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio.
CVE-2025-36004 1 Ibm 1 I 2026-02-26 8.8 High
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.
CVE-2025-5042 1 Autodesk 2 Revit, Revit Lt 2026-02-26 7.8 High
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVE-2025-0966 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2026-02-26 7.6 High
IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
CVE-2025-6543 2 Citrix, Netscaler 4 Netscaler Application Delivery Controller, Netscaler Gateway, Adc and 1 more 2026-02-26 9.8 Critical
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
CVE-2025-20281 1 Cisco 2 Identity Services Engine, Identity Services Engine Passive Identity Connector 2026-02-26 10 Critical
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
CVE-2025-20282 1 Cisco 2 Identity Services Engine, Identity Services Engine Passive Identity Connector 2026-02-26 10 Critical
A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system.
CVE-2025-36038 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2026-02-26 9 Critical
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.
CVE-2025-2938 1 Gitlab 1 Gitlab 2026-02-26 3.1 Low
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval process resulted in unintended permission grants.
CVE-2025-6675 2 Drupal, Miniorange 2 Drupal, Miniorange 2fa 2026-02-26 4.8 Medium
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*.
CVE-2025-8010 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-02-26 8.8 High
Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-6707 1 Mongodb 1 Mongodb 2026-02-26 4.2 Medium
Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5.
CVE-2025-8011 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-02-26 8.8 High
Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-36595 1 Dell 2 Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance 2026-02-26 7.2 High
Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.