Search

Search Results (366627 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-47341 1 Qualcomm 63 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 60 more 2026-02-26 7.8 High
memory corruption while processing an image encoding completion event.
CVE-2025-22412 1 Google 1 Android 2026-02-26 8.8 High
In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-47347 2 Qnx, Qualcomm 76 Qnx, Qam8255p, Qam8255p Firmware and 73 more 2026-02-26 7.8 High
Memory corruption while processing control commands in the virtual memory management interface.
CVE-2025-43728 1 Dell 33 Latitude 3330, Latitude 3420, Latitude 3440 and 30 more 2026-02-26 9.6 Critical
Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
CVE-2025-47349 1 Qualcomm 37 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 34 more 2026-02-26 7.8 High
Memory corruption while processing an escape call.
CVE-2025-20352 1 Cisco 4 Ios, Ios Xe, Ios Xe Sd-wan and 1 more 2026-02-26 7.7 High
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software. To cause the DoS, the attacker must have the SNMPv2c or earlier read-only community string or valid SNMPv3 user credentials. An authenticated, remote attacker with high privileges could execute code as the root user on an affected device that is running Cisco IOS XE Software. To execute code as the root user, the attacker must have the SNMPv1 or v2c read-only community string or valid SNMPv3 user credentials and administrative or privilege 15 credentials on the affected device. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device over IPv4 or IPv6 networks. This vulnerability is due to a stack overflow condition in the SNMP subsystem of the affected software. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system. Note: This vulnerability affects all versions of SNMP.
CVE-2025-43882 1 Dell 33 Latitude 3330, Latitude 3420, Latitude 3440 and 30 more 2026-02-26 7.8 High
Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access.
CVE-2025-47351 1 Qualcomm 57 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 54 more 2026-02-26 7.8 High
Memory corruption while processing user buffers.
CVE-2025-47354 1 Qualcomm 77 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 74 more 2026-02-26 7.8 High
Memory corruption while allocating buffers in DSP service.
CVE-2025-43730 1 Dell 33 Latitude 3330, Latitude 3420, Latitude 3440 and 30 more 2026-02-26 8.4 High
Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure.
CVE-2025-20338 1 Cisco 2 Ios Xe, Ios Xe Software 2026-02-26 6 Medium
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root.
CVE-2025-47355 1 Qualcomm 55 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 52 more 2026-02-26 7.8 High
Memory corruption while invoking remote procedure IOCTL calls.
CVE-2025-43729 1 Dell 33 Latitude 3330, Latitude 3420, Latitude 3440 and 30 more 2026-02-26 7.8 High
Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access.
CVE-2025-59251 1 Microsoft 1 Edge Chromium 2026-02-26 7.6 High
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-20344 1 Cisco 1 Nexus Dashboard 2026-02-26 6.5 Medium
A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid Administrator credentials could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to gain root privileges on the underlying shell on the affected device.
CVE-2025-20333 1 Cisco 3 Adaptive Security Appliance Software, Firepower Threat Defense, Firepower Threat Defense Software 2026-02-26 9.9 Critical
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.
CVE-2025-20362 1 Cisco 3 Adaptive Security Appliance Software, Firepower Threat Defense, Firepower Threat Defense Software 2026-02-26 6.5 Medium
Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. Cisco strongly recommends that all customers upgrade to the fixed software releases that are listed in the Fixed Software ["#fs"] section of this advisory. A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication.
CVE-2025-20363 1 Cisco 9 Adaptive Security Appliance Software, Asr 9001, Firepower Threat Defense and 6 more 2026-02-26 9 Critical
A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR Software) with low user privileges to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web service on an affected device after obtaining additional information about the system, overcoming exploit mitigations, or both. A successful exploit could allow the attacker to execute arbitrary code as root, which may lead to the complete compromise of the affected device. For more information about this vulnerability, see the Details ["#details"] section of this advisory.
CVE-2025-59974 1 Juniper 3 Junos, Junos Space, Space Security Director 2026-02-26 8.4 High
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Junos Space Security Director allows an attacker to inject malicious scripts into the application, which are then stored and executed in the context of other users' browsers when they access affected pages.This issue affects Juniper Security Director:  * All versions before 24.1R4.
CVE-2025-59978 2 Jjuniper, Juniper 3 Junos Space, Junos, Junos Space 2026-02-26 9 Critical
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that, when viewed by another user, enable the attacker to execute commands with the target's administrative permissions. This issue affects all versions of Junos Space before 24.1R4.