Export limit exceeded: 366649 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366649 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366649 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10244 | 1 Autodesk | 1 Fusion | 2026-02-26 | 8.7 High |
| A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-53763 | 1 Microsoft | 2 Azure, Office Purview Data Governance | 2026-02-26 | 9.8 Critical |
| Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-53795 | 1 Microsoft | 1 Pc Manager | 2026-02-26 | 9.1 Critical |
| Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-8354 | 1 Autodesk | 2 Revit, Revit Lt | 2026-02-26 | 7.8 High |
| A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-55230 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2026-02-26 | 7.8 High |
| Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55231 | 1 Microsoft | 10 Server, Windows, Windows Server and 7 more | 2026-02-26 | 7.5 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-23308 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2026-02-26 | 3.3 Low |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running nvdisasm. | ||||
| CVE-2023-49886 | 1 Ibm | 1 Transformation Extender Advanced | 2026-02-26 | 9.8 Critical |
| IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. | ||||
| CVE-2025-33120 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2026-02-26 | 7.8 High |
| IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges. | ||||
| CVE-2025-23339 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2026-02-26 | 3.3 Low |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running cuobjdump. | ||||
| CVE-2025-36156 | 1 Ibm | 2 Infosphere Data Replication, Infosphere Data Replication Vsam For Z\/os Remote Source | 2026-02-26 | 7.4 High |
| IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with access to the files storing CECSUB or CECRM on the container could overflow the buffer and execute arbitrary code on the system. | ||||
| CVE-2025-21476 | 1 Qualcomm | 85 Qca6391, Qca6391 Firmware, Qca6698aq and 82 more | 2026-02-26 | 7.8 High |
| Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake. | ||||
| CVE-2025-26496 | 4 Linux, Microsoft, Salesforce and 1 more | 6 Linux, Windows, Tableau Desktop and 3 more | 2026-02-26 | 9.3 Critical |
| Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19. | ||||
| CVE-2025-43914 | 4 Canonical, Dell, Linux and 1 more | 5 Ubuntu, Data Domain Operating System, Powerprotect Data Domain and 2 more | 2026-02-26 | 7.5 High |
| Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | ||||
| CVE-2025-21481 | 1 Qualcomm | 499 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 496 more | 2026-02-26 | 7.8 High |
| Memory corruption while performing private key encryption in trusted application. | ||||
| CVE-2025-4609 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-02-26 | 9.6 Critical |
| Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | ||||
| CVE-2025-43890 | 1 Dell | 3 Data Domain Operating System, Powerprotect Data Domain, Powerprotect Dd | 2026-02-26 | 6.7 Medium |
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root. | ||||
| CVE-2025-21482 | 1 Qualcomm | 575 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 572 more | 2026-02-26 | 7.1 High |
| Cryptographic issue while performing RSA PKCS padding decoding. | ||||
| CVE-2025-36157 | 1 Ibm | 1 Jazz Foundation | 2026-02-26 | 9.8 Critical |
| IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions. | ||||
| CVE-2025-43906 | 1 Dell | 3 Data Domain Operating System, Powerprotect Data Domain, Powerprotect Dd | 2026-02-26 | 6.7 Medium |
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root. | ||||