Export limit exceeded: 363878 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363878 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-31838 1 Mcafee 1 Mvision Edr 2026-02-24 8.4 High
A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'.
CVE-2021-26887 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2026-02-24 7.8 High
<p>An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder.</p> <p>To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data.</p> <p>This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. See the <strong>FAQ</strong> section of this CVE for configuration guidance.</p>
CVE-2021-26353 1 Amd 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more 2026-02-24 7.8 High
Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity.
CVE-2021-24105 1 Microsoft 1 Package Manager Configurations 2026-02-24 8.4 High
<p>Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes. This insertion could lead to remote code execution. We believe this vulnerability affects multiple package managers across multiple languages, including but not limited to: Python/pip, .NET/NuGet, Java/Maven, JavaScript/npm.</p> <p><strong>Attack scenarios</strong></p> <p>An attacker could take advantage of this ecosystem-wide issue to cause harm in a variety of ways. The original attack scenarios were discovered by Alex Birsan and are detailed in their whitepaper, <a href="https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610">Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies</a>.</p> <ul> <li><p>With basic knowledge of the target ecosystems, an attacker could create an empty shell for a package and insert malicious code in the install scripts, give it a high version, and publish it to the public repository. Vulnerable victim machines will download the higher version of the package between the public and private repositories and attempt to install it. Due to code incompatibility it will probably error out upon import or upon compilation, making it easier to detect; however the attacker would have gained code execution by that point.</p> </li> <li><p>An advanced attacker with some inside knowledge of the target could take a copy of a working package, insert the malicious code (in the package itself or in the install), and then publish it to a public repository. The package will likely install and import correctly, granting the attacker an initial foothold and persistence.</p> </li> </ul> <p>These two methods could affect target organizations at any of these various levels:</p> <ul> <li>Developer machines</li> <li>An entire team if the configuration to import the malicious package is uploaded to a code repository</li> <li>Continuous integration pipelines if they pull the malicious packages during the build, test, and/or deploy stages</li> <li>Customers, download servers, production services if the malicious code has not been detected</li> </ul> <p>This remote code execution vulnerability can only be addressed by reconfiguring installation tools and workflows, and not by correcting anything in the package repositories themselves. See the <strong>FAQ</strong> section of this CVE for configuration guidance.</p>
CVE-2021-23892 1 Mcafee 1 Endpoint Security For Linux Threat Prevention 2026-02-24 8.2 High
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.
CVE-2025-60036 2 Bosch, Bosch Rexroth 4 Rexroth Indraworks, Rexroth Ua.testclient, Indraworks and 1 more 2026-02-24 7.8 High
A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient.
CVE-2025-60037 2 Bosch, Bosch Rexroth 2 Rexroth Indraworks, Indraworks 2026-02-24 7.8 High
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.
CVE-2025-60038 2 Bosch, Bosch Rexroth 2 Rexroth Indraworks, Indraworks 2026-02-24 7.8 High
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.
CVE-2025-60035 2 Bosch, Bosch Rexroth 2 Rexroth Indraworks, Indraworks 2026-02-24 7.8 High
A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the OPC.Testclient.
CVE-2021-1730 1 Microsoft 1 Exchange Server 2026-02-24 5.4 Medium
<p>A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user.</p> <p>This update addresses this vulnerability.</p> <p>To prevent these types of attacks, Microsoft recommends customers to download inline images from different DNSdomains than the rest of OWA. Please see further instructions in the FAQ to put in place this mitigations.</p>
CVE-2025-68621 2 Triliumnext, Triliumnotes 2 Trilium, Trilium 2026-02-24 7.4 High
Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC authentication hashes byte-by-byte through statistical timing analysis. This enables complete authentication bypass without password knowledge, granting full read/write access to victim's knowledge base. This vulnerability is fixed in 0.101.0.
CVE-2020-37161 2 Wedding-slideshow-studio, Wedding Slideshow Studio 2 Wedding Slideshow Studio, Wedding Slideshow Studio 2026-02-24 9.8 Critical
Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to run system commands like launching the calculator.
CVE-2023-30860 1 Wwbn 1 Avideo 2026-02-24 8 High
WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert malicious scripts. Since any USER including the ADMIN can see the meeting room that was created by the attacker this can lead to cookie hijacking and takeover of any accounts. Version 12.4 contains a patch for this issue.
CVE-2020-37162 2 Wedding-slideshow-studio, Wedding Slideshow Studio 2 Wedding Slideshow Studio, Wedding Slideshow Studio 2026-02-24 9.8 Critical
Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buffer overflow and execute commands through the registration key field.
CVE-2025-3508 1 Hp 150 1vd83a, 1vd83a Firmware, 1vd84a and 147 more 2026-02-24 6.5 Medium
Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information.
CVE-2025-1004 1 Hp 20 4pa41a, 4pa41a Firmware, 4pa42a and 17 more 2026-02-24 5.3 Medium
Certain HP LaserJet Pro printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer via IPP (Internet Printing Protocol).
CVE-2024-5749 1 Hp 32 1jl02b, 1jl02b Firmware, Designjet T730 Firmware and 29 more 2026-02-24 7.5 High
Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials.
CVE-2024-9423 1 Hp 205 1y7d4a, 1y7d4a Firmware, 2a129a and 202 more 2026-02-24 5.3 Medium
Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. The printer displays a “JPEG Unsupported” message which may not clear, potentially blocking queued print jobs.
CVE-2025-43018 1 Hp 39 Hp, Laserjet Mfp M428, Laserjet Mfp M429 and 36 more 2026-02-24 5.3 Medium
Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book.
CVE-2025-13289 1 1000projects 2 Design & Development Of Student Database Management System, Design \& Development Of Student Database Management System 2026-02-24 6.3 Medium
A vulnerability was detected in 1000projects Design & Development of Student Database Management System 1.0. Affected is an unknown function of the file /TeacherLogin/Academics/SubjectDetails.php. The manipulation of the argument SubCode results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.