Export limit exceeded: 363299 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363299 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-22522 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2026-02-25 | 8.8 High |
| This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. | ||||
| CVE-2022-41704 | 3 Apache, Debian, Redhat | 4 Batik, Debian Linux, Camel Spring Boot and 1 more | 2026-02-25 | 7.5 High |
| A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. | ||||
| CVE-2021-43113 | 2 Debian, Itextpdf | 2 Debian Linux, Itext | 2026-02-25 | 9.8 Critical |
| iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. | ||||
| CVE-2021-3347 | 4 Debian, Fedoraproject, Linux and 1 more | 10 Debian Linux, Fedora, Linux Kernel and 7 more | 2026-02-25 | 7.8 High |
| An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. | ||||
| CVE-2021-0642 | 1 Google | 1 Android | 2026-02-25 | 5.5 Medium |
| In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-185126149 | ||||
| CVE-2021-0641 | 1 Google | 1 Android | 2026-02-25 | 5.5 Medium |
| In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185235454 | ||||
| CVE-2021-0584 | 1 Google | 1 Android | 2026-02-25 | 5.5 Medium |
| In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-179289794 | ||||
| CVE-2020-14381 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-02-25 | 7.8 High |
| A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | ||||
| CVE-2025-11847 | 1 Zyxel | 108 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 105 more | 2026-02-25 | 4.9 Medium |
| A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. | ||||
| CVE-2025-11846 | 1 Zyxel | 108 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 105 more | 2026-02-25 | 4.9 Medium |
| A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. | ||||
| CVE-2025-11845 | 1 Zyxel | 108 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 105 more | 2026-02-25 | 4.9 Medium |
| A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. | ||||
| CVE-2025-11848 | 1 Zyxel | 96 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 93 more | 2026-02-25 | 4.9 Medium |
| A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. | ||||
| CVE-2023-43826 | 1 Apache | 1 Guacamole | 2026-02-25 | 0 Low |
| Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue. | ||||
| CVE-2024-47183 | 2 Parse Community, Parseplatform | 2 Parse Server, Parse-server | 2026-02-25 | 8.1 High |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and acquires privileges of a specific role. This vulnerability is fixed in 6.5.9 and 7.3.0. | ||||
| CVE-2025-67733 | 2 Lfprojects, Valkey-io | 2 Valkey, Valkey | 2026-02-25 | 8.5 High |
| Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same connection. The error handling code for lua scripts does not properly handle null characters. Versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12 fix the issue. | ||||
| CVE-2023-5427 | 1 Arm | 3 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2026-02-25 | 7.8 High |
| Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r44p0 through r45p0; Valhall GPU Kernel Driver: from r44p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r45p0. | ||||
| CVE-2023-36483 | 1 Honeywell | 2 Masmobile Asp.net Services, Masmobile Classic | 2026-02-25 | 6.5 Medium |
| Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history. | ||||
| CVE-2023-32217 | 1 Sailpoint | 1 Identityiq | 2026-02-25 | 9 Critical |
| IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath. | ||||
| CVE-2023-31554 | 2026-02-25 | N/A | ||
| ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-2663. Reason: This record is a reservation duplicate of CVE-2023-2663. Notes: All CVE users should reference CVE-2023-2663 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. | ||||
| CVE-2023-33952 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Enterprise Linux For Real Time and 2 more | 2026-02-25 | 6.7 Medium |
| A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel. | ||||