Search

Search Results (363327 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-40536 1 Solarwinds 1 Web Help Desk 2026-02-26 8.1 High
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
CVE-2025-40537 1 Solarwinds 1 Web Help Desk 2026-02-26 7.5 High
SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.
CVE-2025-40551 1 Solarwinds 1 Web Help Desk 2026-02-26 9.8 Critical
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
CVE-2025-40554 1 Solarwinds 1 Web Help Desk 2026-02-26 9.8 Critical
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
CVE-2025-13774 1 Progress 2 Flowmon, Flowmon Anomaly Detection System 2026-02-26 8.8 High
A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands.
CVE-2025-11669 1 Zohocorp 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro 2026-02-26 8.1 High
Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.
CVE-2025-13444 1 Progress 6 Connection Manager For Objectscale, Ecs Connection Manager, Loadmaster and 3 more 2026-02-26 8.4 High
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters
CVE-2025-13447 1 Progress 5 Connection Manager For Objectscale*, Ecs Connection Manager, Loadmaster and 2 more 2026-02-26 8.4 High
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters
CVE-2025-68119 2 Golang, Gotoolchain 2 Go, Cmd/go 2026-02-26 7 High
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.
CVE-2025-61731 2 Golang, Gotoolchain 2 Go, Cmd/go 2026-02-26 7.8 High
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.
CVE-2025-64155 1 Fortinet 1 Fortisiem 2026-02-26 9.4 Critical
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.
CVE-2025-46685 1 Dell 1 Supportassist Os Recovery 2026-02-26 7.5 High
Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVE-2025-36384 1 Ibm 1 Db2 2026-02-26 8.4 High
IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element.
CVE-2025-36365 1 Ibm 1 Db2 2026-02-26 6.8 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key.
CVE-2025-36184 1 Ibm 1 Db2 2026-02-26 7.2 High
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.
CVE-2025-14914 1 Ibm 1 Websphere Application Server 2026-02-26 7.6 High
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.
CVE-2025-47358 1 Qualcomm 43 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 40 more 2026-02-26 7.8 High
Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.
CVE-2025-47359 1 Qualcomm 75 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 72 more 2026-02-26 7.8 High
Memory Corruption when multiple threads simultaneously access a memory free API.
CVE-2025-47363 1 Qualcomm 71 Qam8255p, Qam8255p Firmware, Qam8295p and 68 more 2026-02-26 6.8 Medium
Memory corruption when calculating oversized partition sizes without proper checks.
CVE-2025-47364 1 Qualcomm 71 Qam8255p, Qam8255p Firmware, Qam8295p and 68 more 2026-02-26 6.8 Medium
Memory corruption while calculating offset from partition start point.