Export limit exceeded: 363327 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 26242 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363327 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363327 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-47366 1 Qualcomm 319 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 316 more 2026-02-26 7.1 High
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.
CVE-2025-47397 1 Qualcomm 295 Ar8031, Ar8031 Firmware, Csra6620 and 292 more 2026-02-26 7.8 High
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.
CVE-2025-47398 1 Qualcomm 307 Ar8031, Ar8031 Firmware, Csra6620 and 304 more 2026-02-26 7.8 High
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.
CVE-2025-47399 1 Qualcomm 29 Cologne, Cologne Firmware, Fastconnect 7800 and 26 more 2026-02-26 7.8 High
Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.
CVE-2025-58382 2 Broadcom, Brocade 2 Fabric Operating System, Fabric Os 2026-02-26 7.2 High
A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using “supportsave”, “seccertmgmt”, “configupload” command.
CVE-2025-58383 2 Broadcom, Brocade 2 Fabric Operating System, Fabric Os 2026-02-26 7.2 High
A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands.
CVE-2025-9711 2 Broadcom, Brocade 2 Fabric Operating System, Fabric Os 2026-02-26 7.8 High
A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands.
CVE-2025-67848 1 Moodle 1 Moodle 2026-02-26 8.1 High
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.
CVE-2025-67849 1 Moodle 1 Moodle 2026-02-26 7.3 High
A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.
CVE-2025-67850 1 Moodle 1 Moodle 2026-02-26 7.3 High
A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions, the malicious code would execute in their web browsers, potentially compromising their data or leading to unauthorized actions.
CVE-2024-4040 1 Crushftp 1 Crushftp 2026-02-26 9.8 Critical
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
CVE-2024-28995 1 Solarwinds 1 Serv-u 2026-02-26 8.6 High
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
CVE-2024-1709 1 Connectwise 1 Screenconnect 2026-02-26 10 Critical
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
CVE-2025-13379 1 Ibm 1 Aspera Console 2026-02-26 8.6 High
IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
CVE-2024-1212 2 Kemptechnologies, Progress 2 Loadmaster, Loadmaster 2026-02-26 10 Critical
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
CVE-2025-64111 1 Gogs 1 Gogs 2026-02-26 9.8 Critical
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev.
CVE-2025-64175 1 Gogs 1 Gogs 2026-02-26 8.8 High
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use any unused recovery code (e.g., from their own account) to bypass the victim’s 2FA. This enables full account takeover and renders 2FA ineffective in all environments where it's enabled.. This issue has been patched in versions 0.13.4 and 0.14.0+dev.
CVE-2023-6549 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2026-02-26 8.2 High
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read
CVE-2025-37169 3 Arubanetworks, Hp, Hpe 3 Arubaos, Arubaos, Arubaos 2026-02-26 7.2 High
A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2025-37170 2 Arubanetworks, Hpe 2 Arubaos, Arubaos 2026-02-26 7.2 High
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.