Export limit exceeded: 363318 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363318 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-48647 1 Google 1 Android 2026-02-26 7.8 High
In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-33015 1 Ibm 1 Concert 2026-02-26 8.8 High
IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.
CVE-2025-33228 1 Nvidia 1 Cuda Toolkit 2026-02-26 7.3 High
NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
CVE-2025-33229 2 Microsoft, Nvidia 2 Windows, Cuda Toolkit 2026-02-26 7.3 High
NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure.
CVE-2025-33230 2 Linux, Nvidia 2 Linux Kernel, Cuda Toolkit 2026-02-26 7.3 High
NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure.
CVE-2025-33231 2 Microsoft, Nvidia 2 Windows, Cuda Toolkit 2026-02-26 6.7 Medium
NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service and information disclosure.
CVE-2025-55130 1 Nodejs 2 Node.js, Nodejs 2026-02-26 9.1 Critical
A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25.
CVE-2025-36588 1 Dell 2 Unisphere For Powermax, Unisphere For Powermax Virtual Appliance 2026-02-26 8.8 High
Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
CVE-2025-14560 1 Gitlab 1 Gitlab 2026-02-26 7.3 High
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious content into vulnerability code flow.
CVE-2025-7659 1 Gitlab 1 Gitlab 2026-02-26 8 High
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE.
CVE-2025-66277 2 Qnap, Qnap Systems 4 Qts, Quts Hero, Qts and 1 more 2026-02-26 9.8 Critical
A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build 20251216 and later QuTS hero h5.3.2.3354 build 20251225 and later QuTS hero h5.2.8.3350 build 20251216 and later
CVE-2025-13691 1 Ibm 1 Datastage On Cloud Pak For Data 2026-02-26 8.1 High
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system.
CVE-2025-33088 2 Ibm, Linux 2 Concert, Linux Kernel 2026-02-26 7.4 High
IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's architecture to escalate their privileges due to incorrect file permissions for critical resources.
CVE-2025-13689 1 Ibm 2 Datastage On Cloud Pak, Datastage On Cloud Pak For Data 2026-02-26 8.8 High
IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads.
CVE-2025-33236 1 Nvidia 2 Nemo, Nemo Framework 2026-02-26 7.8 High
NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-33241 1 Nvidia 2 Nemo, Nemo Framework 2026-02-26 7.8 High
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-33243 1 Nvidia 2 Nemo, Nemo Framework 2026-02-26 7.8 High
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-33245 1 Nvidia 2 Nemo, Nemo Framework 2026-02-26 8 High
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-33246 1 Nvidia 2 Nemo, Nemo Framework 2026-02-26 7.8 High
NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, or information disclosure.
CVE-2025-33249 1 Nvidia 2 Nemo, Nemo Framework 2026-02-26 7.8 High
NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.