Export limit exceeded: 363775 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363775 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20260 | 1 Clamav | 1 Clamav | 2026-02-26 | 9.8 Critical |
| A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process. | ||||
| CVE-2025-25257 | 1 Fortinet | 1 Fortiweb | 2026-02-26 | 9.6 Critical |
| An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. | ||||
| CVE-2025-6191 | 1 Google | 1 Chrome | 2026-02-26 | 8.8 High |
| Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-6192 | 1 Google | 1 Chrome | 2026-02-26 | 8.8 High |
| Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-27779 | 1 Fortinet | 2 Fortiisolator, Fortisandbox | 2026-02-26 | 6.3 Medium |
| An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted. | ||||
| CVE-2025-49747 | 1 Microsoft | 1 Azure Machine Learning | 2026-02-26 | 9.9 Critical |
| Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-33117 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2026-02-26 | 9.1 Critical |
| IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands. | ||||
| CVE-2025-49746 | 1 Microsoft | 1 Azure Machine Learning | 2026-02-26 | 9.9 Critical |
| Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2024-53298 | 1 Dell | 1 Powerscale Onefs | 2026-02-26 | 9.8 Critical |
| Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity. | ||||
| CVE-2025-47995 | 1 Microsoft | 1 Azure Machine Learning | 2026-02-26 | 6.5 Medium |
| Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-6218 | 2 Microsoft, Rarlab | 2 Windows, Winrar | 2026-02-26 | N/A |
| RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198. | ||||
| CVE-2025-47158 | 1 Microsoft | 2 Azure Devops, Azure Devops Server | 2026-02-26 | 9 Critical |
| Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-53762 | 1 Microsoft | 2 Office Purview, Purview | 2026-02-26 | 8.7 High |
| Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-54313 | 5 Alexghr, Homarr, Microsoft and 2 more | 8 Got-fetch, Homarr, Windows and 5 more | 2026-02-26 | 7.5 High |
| eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows. | ||||
| CVE-2025-53770 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-02-26 | 9.8 Critical |
| Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation. | ||||
| CVE-2025-6555 | 1 Google | 1 Chrome | 2026-02-26 | 5.4 Medium |
| Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-32744 | 1 Dell | 1 Appsync | 2026-02-26 | 6.6 Medium |
| Dell AppSync, version(s) 4.6.0.0, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution. | ||||
| CVE-2025-6556 | 1 Google | 1 Chrome | 2026-02-26 | 5.4 Medium |
| Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-38352 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-02-26 | 7.4 High |
| In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case. | ||||
| CVE-2025-6557 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-02-26 | 5.4 Medium |
| Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | ||||