Search

Search Results (363643 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-27240 1 Zabbix 1 Zabbix 2026-02-26 7.2 High
A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field.
CVE-2025-23303 4 Apple, Linux, Microsoft and 1 more 4 Macos, Linux Kernel, Windows and 1 more 2026-02-26 7.8 High
NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.
CVE-2025-23304 4 Apple, Linux, Microsoft and 1 more 4 Macos, Linux Kernel, Windows and 1 more 2026-02-26 7.8 High
NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering.
CVE-2025-23295 1 Nvidia 1 Apex 2026-02-26 7.8 High
NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-38738 1 Dell 1 Supportassist For Home Pcs 2026-02-26 6.7 Medium
SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
CVE-2025-36612 1 Dell 1 Supportassist For Business Pcs 2026-02-26 6.7 Medium
SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
CVE-2025-20265 1 Cisco 2 Firepower Management Center, Secure Firewall Management Center 2026-02-26 10 Critical
A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.  This vulnerability is due to a lack of proper handling of user input during the authentication phase. An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server. A successful exploit could allow the attacker to execute commands at a high privilege level. Note: For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both.
CVE-2025-20306 1 Cisco 2 Firepower Management Center, Secure Firewall Management Center 2026-02-26 4.9 Medium
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root user on the affected device. To exploit this vulnerability, an attacker would need Administrator-level credentials.
CVE-2025-55109 1 Bmc 2 Control-m/agent, Control-m\/agent 2026-02-26 9 Critical
An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS#12 keystore. A remote attacker with access to a signed third-party or demo certificate for client authentication can bypass the need for a certificate signed by the certificate authority of the organization during authentication on the Control-M/Agent. The Control-M/Agent contains hardcoded certificates which are only trusted as fallback if an empty kdb keystore is used; they are never trusted if a PKCS#12 keystore is used. All of these certificates are now expired. In addition, the Control-M/Agent default kdb and PKCS#12 keystores contain trusted third-party certificates (external recognized CAs and default self-signed demo certificates) which are trusted for client authentication.
CVE-2025-54466 1 Apache 1 Ofbiz 2026-02-26 6.3 Medium
Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended to upgrade to version 24.09.02, which fixes the issue.
CVE-2025-55112 1 Bmc 2 Control-m/agent, Control-m\/agent 2026-02-26 7.4 High
Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between the Control-M/Agent and Server.
CVE-2025-5046 1 Autodesk 10 Advance Steel, Autocad, Autocad Architecture and 7 more 2026-02-26 7.8 High
A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVE-2025-55113 1 Bmc 2 Control-m/agent, Control-m\/agent 2026-02-26 9 Critical
If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVA_AR setting in newer versions), the verification stops at the first NULL byte encountered in the email address referenced in the client certificate. An attacker could bypass configured ACLs by using a specially crafted certificate.
CVE-2025-55115 1 Bmc 2 Control-m/agent, Control-m\/agent 2026-02-26 8.8 High
A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above.
CVE-2025-5047 1 Autodesk 10 Advance Steel, Autocad, Autocad Architecture and 7 more 2026-02-26 7.8 High
A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVE-2025-55116 1 Bmc 2 Control-m/agent, Control-m\/agent 2026-02-26 8.8 High
A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions.
CVE-2025-5048 1 Autodesk 10 Advance Steel, Autocad, Autocad Architecture and 7 more 2026-02-26 7.8 High
A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2025-8995 2 Authenticator Login Project, Drupal 2 Authenticator Login, Drupal 2026-02-26 9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4.
CVE-2025-8893 1 Autodesk 12 Advance Steel, Autocad, Autocad Architecture and 9 more 2026-02-26 7.8 High
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVE-2025-36120 1 Ibm 1 Storage Virtualize 2026-02-26 8.8 High
IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.