Export limit exceeded: 363643 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363643 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-8894 1 Autodesk 12 Advance Steel, Autocad, Autocad Architecture and 9 more 2026-02-26 7.8 High
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVE-2025-36244 1 Ibm 2 Aix, Vios 2026-02-26 7.4 High
IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.
CVE-2025-8098 1 Lenovo 2 Pc Manager, Pcmanager 2026-02-26 7.8 High
An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.
CVE-2025-54262 3 Adobe, Apple, Microsoft 3 Substance 3d Stager, Macos, Windows 2026-02-26 7.8 High
Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-9242 1 Watchguard 35 Firebox M270, Firebox M290, Firebox M370 and 32 more 2026-02-26 9.8 Critical
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and 2025.1.
CVE-2025-38561 2 Debian, Linux 2 Debian Linux, Linux Kernel 2026-02-26 8.5 High
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Preauh_HashValue race condition If client send multiple session setup requests to ksmbd, Preauh_HashValue race condition could happen. There is no need to free sess->Preauh_HashValue at session setup phase. It can be freed together with session at connection termination phase.
CVE-2025-59215 1 Microsoft 7 Graphics Component, Windows, Windows 11 and 4 more 2026-02-26 7 High
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-59216 1 Microsoft 6 Windows, Windows 11, Windows 11 24h2 and 3 more 2026-02-26 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-9132 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-02-26 8.8 High
Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-59220 1 Microsoft 19 Windows, Windows 10, Windows 10 21h2 and 16 more 2026-02-26 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-10035 1 Fortra 1 Goanywhere Managed File Transfer 2026-02-26 10 Critical
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.
CVE-2025-57789 1 Commvault 2 Commcell, Commvault 2026-02-26 5.4 Medium
During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.
CVE-2025-48703 2 Centos-webpanel, Control-webpanel 2 Centos Web Panel, Webpanel 2026-02-26 9 Critical
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
CVE-2025-20371 1 Splunk 3 Splunk, Splunk Cloud Platform, Splunk Enterprise 2026-02-26 7.5 High
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.
CVE-2025-57729 1 Jetbrains 1 Intellij Idea 2026-02-26 6.5 Medium
In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start
CVE-2025-59689 1 Libraesva 1 Email Security Gateway 2026-02-26 6.1 Medium
Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For ESG 5.5. a fix has been released in 5.5.7.
CVE-2025-10578 1 Hp 2 Hp, Support Assistant 2026-02-26 7.8 High
A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.
CVE-2025-57732 1 Jetbrains 1 Teamcity 2026-02-26 7.5 High
In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership
CVE-2025-23355 2 Microsoft, Nvidia 2 Windows, Nsight Graphics 2026-02-26 6.7 Medium
NVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL highjacking attack. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and denial of service.
CVE-2025-54286 2 Canonical, Linux 3 Lxd, Linux, Linux Kernel 2026-02-26 8.8 High
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.