Search

Search Results (363638 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-34202 2 Printerlogic, Vasion 4 Vasion Print, Virtual Appliance, Virtual Appliance Application and 1 more 2026-02-26 8.8 High
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose Docker internal networks in a way that allows an attacker on the same external L2 segment — or an attacker able to add routes using the appliance as a gateway — to reach container IPs directly. This grants access to internal services (HTTP APIs, Redis, MySQL, etc.) that are intended to be isolated inside the container network. Many of those services are accessible without authentication or are vulnerable to known exploitation chains. As a result, compromise of a single reachable endpoint or basic network access can enable lateral movement, remote code execution, data exfiltration, and full system compromise. This vulnerability has been identified by the vendor as: V-2025-003 — Insecure Access to Docker Instance from WAN.
CVE-2025-54988 1 Apache 1 Tika 2026-02-26 8.4 High
Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard. Users are recommended to upgrade to version 3.2.2, which fixes this issue.
CVE-2025-34190 4 Apple, Linux, Printerlogic and 1 more 6 Macos, Linux Kernel, Vasion Print and 3 more 2026-02-26 7.8 High
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (macOS/Linux client deployments) are vulnerable to an authentication bypass in PrinterInstallerClientService. The service requires root privileges for certain administrative operations, but these checks rely on calls to geteuid(). By preloading a malicious shared object overriding geteuid(), a local attacker can trick the service into believing it is running with root privileges. This bypass enables execution of administrative commands (e.g., enabling debug mode, managing configurations, or invoking privileged features) without proper authorization. While some actions requiring write access to protected files may still fail, the flaw effectively breaks the intended security model of the inter-process communication (IPC) system, allowing local attackers to escalate privileges and compromise system integrity. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.
CVE-2025-47212 1 Qnap 2 Qts, Quts Hero 2026-02-26 7.2 High
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
CVE-2025-9079 1 Mattermost 2 Mattermost, Mattermost Server 2026-02-26 8 High
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory
CVE-2025-57714 1 Qnap 1 Netbak Replicator 2026-02-26 7.8 High
An unquoted search path or element vulnerability has been reported to affect NetBak Replicator. If a local attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: NetBak Replicator 4.5.15.0807 and later
CVE-2025-7051 1 N-able 1 N-central 2026-02-26 8.3 High
On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2.
CVE-2025-38742 1 Dell 2 Emc Idrac Service Module, Idrac Service Module 2026-02-26 5.3 Medium
Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVE-2025-1131 2 Asterisk, Sangoma 3 Asterisk, Asterisk, Certified Asterisk 2026-02-26 7.8 High
A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.
CVE-2025-61882 1 Oracle 1 Concurrent Processing 2026-02-26 9.8 Critical
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2025-38743 1 Dell 2 Emc Idrac Service Module, Idrac Service Module 2026-02-26 7.8 High
Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.
CVE-2025-10244 1 Autodesk 1 Fusion 2026-02-26 8.7 High
A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
CVE-2025-53763 1 Microsoft 2 Azure, Office Purview Data Governance 2026-02-26 9.8 Critical
Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-53795 1 Microsoft 1 Pc Manager 2026-02-26 9.1 Critical
Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-8354 1 Autodesk 2 Revit, Revit Lt 2026-02-26 7.8 High
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVE-2025-55230 1 Microsoft 28 Windows, Windows 10, Windows 10 1507 and 25 more 2026-02-26 7.8 High
Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
CVE-2025-55231 1 Microsoft 10 Server, Windows, Windows Server and 7 more 2026-02-26 7.5 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network.
CVE-2025-23308 3 Linux, Microsoft, Nvidia 3 Linux Kernel, Windows, Cuda Toolkit 2026-02-26 3.3 Low
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running nvdisasm.
CVE-2023-49886 1 Ibm 1 Transformation Extender Advanced 2026-02-26 9.8 Critical
IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2025-33120 1 Ibm 2 Qradar Incident Forensics, Qradar Security Information And Event Manager 2026-02-26 7.8 High
IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges.