Search

Search Results (363609 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-21062 1 Samsung 1 Smart Switch 2026-02-26 7.8 High
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability.
CVE-2025-21064 1 Samsung 1 Smart Switch 2026-02-26 8.8 High
Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data.
CVE-2025-34212 1 Vasion 2 Virtual Appliance Application, Virtual Appliance Host 2026-02-26 9.8 Critical
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature validation, and grants the jenkins account NOPASSWD for mount/umount. Together these allow supply chain or man-in-the-middle compromise of the build pipeline, injection of malicious firmware, and remote code execution as root on the CI host. This vulnerability has been identified by the vendor as: V-2023-007 — Supply Chain Attack.
CVE-2025-55177 3 Apple, Facebook, Whatsapp 7 Ios, Macos, Facebook and 4 more 2026-02-26 5.4 Medium
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
CVE-2025-25018 1 Elastic 1 Kibana 2026-02-26 8.7 High
Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS)
CVE-2025-36245 1 Ibm 1 Infosphere Information Server 2026-02-26 8.8 High
IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.
CVE-2025-30264 1 Qnap 2 Qts, Quts Hero 2026-02-26 8.8 High
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
CVE-2025-52856 1 Qnap 1 Qvr 2026-02-26 9.8 Critical
An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: VioStor 5.1.6 build 20250621 and later
CVE-2025-9377 1 Tp-link 6 Archer C7, Archer C7 Firmware, Tl-wr841n and 3 more 2026-02-26 7.2 High
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It's recommending to purchase the new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es).
CVE-2025-61884 1 Oracle 1 Configurator 2026-02-26 7.5 High
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2025-6033 1 Ni 1 Circuit Design Suite 2026-02-26 7.8 High
There is a memory corruption vulnerability due to an out of bounds write in XML_Serialize() when using SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.1 and prior versions.
CVE-2025-6034 1 Ni 1 Circuit Design Suite 2026-02-26 7.8 High
There is a memory corruption vulnerability due to an out of bounds read in DefaultFontOptions() when using SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.1 and prior versions.
CVE-2025-37729 1 Elastic 1 Elastic Cloud Enterprise 2026-02-26 9.1 Critical
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated.
CVE-2025-11695 1 Mongodb 2 Rust-driver, Rust Driver 2026-02-26 8 High
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5
CVE-2025-11622 1 Ivanti 1 Endpoint Manager 2026-02-26 7.8 High
Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges.
CVE-2025-9713 1 Ivanti 1 Endpoint Manager 2026-02-26 8.8 High
Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
CVE-2025-20712 2 Mediatek, Openwrt 12 Mt6799, Mt6990, Mt6990 Firmware and 9 more 2026-02-26 8.8 High
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422323; Issue ID: MSV-3810.
CVE-2025-20711 2 Mediatek, Openwrt 6 Mt6890, Mt7916, Mt7981 and 3 more 2026-02-26 8.8 High
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422399; Issue ID: MSV-3748.
CVE-2025-20710 2 Mediatek, Openwrt 7 Mt6890, Mt7915, Mt7916 and 4 more 2026-02-26 8.8 High
In wlan AP driver, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418785; Issue ID: MSV-3515.
CVE-2025-20709 2 Mediatek, Openwrt 12 Mt6890, Mt6890 Firmware, Mt7915 and 9 more 2026-02-26 8.8 High
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00415809; Issue ID: MSV-3405.