Export limit exceeded: 364170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364170 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-48638 1 Google 1 Android 2026-02-26 7.8 High
In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-11621 1 Hashicorp 2 Vault, Vault Enterprise 2026-02-26 8.1 High
Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5, 1.19.11, and 1.16.27
CVE-2025-11797 1 Autodesk 1 3ds Max 2026-02-26 7.8 High
A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVE-2025-48639 1 Google 1 Android 2026-02-26 7.3 High
In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2025-13042 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-02-26 8.8 High
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-48625 1 Google 1 Android 2026-02-26 7 High
In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-59500 1 Microsoft 2 Azure, Azure Notification Service 2026-02-26 7.7 High
Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
CVE-2024-48829 1 Dell 1 Smartfabric Os10 2026-02-26 6.7 Medium
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code ('Code Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVE-2025-59273 1 Microsoft 3 Azure, Azure Event Grid, Azure Event Grid System 2026-02-26 7.3 High
Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-46428 1 Dell 1 Smartfabric Os10 2026-02-26 8.8 High
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
CVE-2025-59503 1 Microsoft 2 Azure, Azure Compute Resource Provider 2026-02-26 10 Critical
Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-46427 1 Dell 1 Smartfabric Os10 2026-02-26 8.8 High
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
CVE-2025-59367 1 Asus 6 Dsl-ac51, Dsl-ac51 Firmware, Dsl-ac750 and 3 more 2026-02-26 9.8 Critical
An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information.
CVE-2025-46425 1 Dell 2 Dell Storage Manager, Storage Manager 2026-02-26 6.5 Medium
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
CVE-2025-12762 1 Pgadmin 1 Pgadmin 4 2026-02-26 9.1 Critical
pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.
CVE-2025-43995 1 Dell 2 Dell Storage Manager, Storage Manager 2026-02-26 9.8 Critical
Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These userid are special users created in compellentservicesapi for special purposes.
CVE-2025-12763 2 Microsoft, Pgadmin 2 Windows, Pgadmin 4 2026-02-26 6.8 Medium
pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input.
CVE-2025-64740 2 Microsoft, Zoom 6 Windows, Workplace, Workplace App and 3 more 2026-02-26 7.5 High
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2025-10573 1 Ivanti 1 Endpoint Manager 2026-02-26 9.6 Critical
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.
CVE-2025-12245 1 Chatwoot 1 Chatwoot 2026-02-26 5.3 Medium
A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin validation error. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way.