Export limit exceeded: 364436 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364436 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-7051 1 N-able 1 N-central 2026-02-26 8.3 High
On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2.
CVE-2025-38742 1 Dell 2 Emc Idrac Service Module, Idrac Service Module 2026-02-26 5.3 Medium
Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVE-2025-1131 2 Asterisk, Sangoma 3 Asterisk, Asterisk, Certified Asterisk 2026-02-26 7.8 High
A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.
CVE-2025-61882 1 Oracle 1 Concurrent Processing 2026-02-26 9.8 Critical
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2025-38743 1 Dell 2 Emc Idrac Service Module, Idrac Service Module 2026-02-26 7.8 High
Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.
CVE-2025-10244 1 Autodesk 1 Fusion 2026-02-26 8.7 High
A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
CVE-2025-53763 1 Microsoft 2 Azure, Office Purview Data Governance 2026-02-26 9.8 Critical
Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-53795 1 Microsoft 1 Pc Manager 2026-02-26 9.1 Critical
Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-8354 1 Autodesk 2 Revit, Revit Lt 2026-02-26 7.8 High
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVE-2025-55230 1 Microsoft 28 Windows, Windows 10, Windows 10 1507 and 25 more 2026-02-26 7.8 High
Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
CVE-2025-55231 1 Microsoft 10 Server, Windows, Windows Server and 7 more 2026-02-26 7.5 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network.
CVE-2025-23308 3 Linux, Microsoft, Nvidia 3 Linux Kernel, Windows, Cuda Toolkit 2026-02-26 3.3 Low
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running nvdisasm.
CVE-2023-49886 1 Ibm 1 Transformation Extender Advanced 2026-02-26 9.8 Critical
IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2025-33120 1 Ibm 2 Qradar Incident Forensics, Qradar Security Information And Event Manager 2026-02-26 7.8 High
IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges.
CVE-2025-23339 3 Linux, Microsoft, Nvidia 3 Linux Kernel, Windows, Cuda Toolkit 2026-02-26 3.3 Low
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running cuobjdump.
CVE-2025-36156 1 Ibm 2 Infosphere Data Replication, Infosphere Data Replication Vsam For Z\/os Remote Source 2026-02-26 7.4 High
IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with access to the files storing CECSUB or CECRM on the container could overflow the buffer and execute arbitrary code on the system.
CVE-2025-21476 1 Qualcomm 85 Qca6391, Qca6391 Firmware, Qca6698aq and 82 more 2026-02-26 7.8 High
Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.
CVE-2025-26496 4 Linux, Microsoft, Salesforce and 1 more 6 Linux, Windows, Tableau Desktop and 3 more 2026-02-26 9.3 Critical
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19.
CVE-2025-43914 4 Canonical, Dell, Linux and 1 more 5 Ubuntu, Data Domain Operating System, Powerprotect Data Domain and 2 more 2026-02-26 7.5 High
Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
CVE-2025-21481 1 Qualcomm 499 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 496 more 2026-02-26 7.8 High
Memory corruption while performing private key encryption in trusted application.