Export limit exceeded: 366369 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366369 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366369 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46685 | 1 Dell | 1 Supportassist Os Recovery | 2026-02-26 | 7.5 High |
| Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2025-36384 | 1 Ibm | 1 Db2 | 2026-02-26 | 8.4 High |
| IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element. | ||||
| CVE-2025-36365 | 1 Ibm | 1 Db2 | 2026-02-26 | 6.8 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key. | ||||
| CVE-2025-36184 | 1 Ibm | 1 Db2 | 2026-02-26 | 7.2 High |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level. | ||||
| CVE-2025-14914 | 1 Ibm | 1 Websphere Application Server | 2026-02-26 | 7.6 High |
| IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution. | ||||
| CVE-2025-47358 | 1 Qualcomm | 43 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 40 more | 2026-02-26 | 7.8 High |
| Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently. | ||||
| CVE-2025-47359 | 1 Qualcomm | 75 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 72 more | 2026-02-26 | 7.8 High |
| Memory Corruption when multiple threads simultaneously access a memory free API. | ||||
| CVE-2025-47363 | 1 Qualcomm | 71 Qam8255p, Qam8255p Firmware, Qam8295p and 68 more | 2026-02-26 | 6.8 Medium |
| Memory corruption when calculating oversized partition sizes without proper checks. | ||||
| CVE-2025-47364 | 1 Qualcomm | 71 Qam8255p, Qam8255p Firmware, Qam8295p and 68 more | 2026-02-26 | 6.8 Medium |
| Memory corruption while calculating offset from partition start point. | ||||
| CVE-2025-47366 | 1 Qualcomm | 319 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 316 more | 2026-02-26 | 7.1 High |
| Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input. | ||||
| CVE-2025-47397 | 1 Qualcomm | 295 Ar8031, Ar8031 Firmware, Csra6620 and 292 more | 2026-02-26 | 7.8 High |
| Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors. | ||||
| CVE-2025-47398 | 1 Qualcomm | 307 Ar8031, Ar8031 Firmware, Csra6620 and 304 more | 2026-02-26 | 7.8 High |
| Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers. | ||||
| CVE-2025-47399 | 1 Qualcomm | 29 Cologne, Cologne Firmware, Fastconnect 7800 and 26 more | 2026-02-26 | 7.8 High |
| Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters. | ||||
| CVE-2025-58382 | 2 Broadcom, Brocade | 2 Fabric Operating System, Fabric Os | 2026-02-26 | 7.2 High |
| A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using “supportsave”, “seccertmgmt”, “configupload” command. | ||||
| CVE-2025-58383 | 2 Broadcom, Brocade | 2 Fabric Operating System, Fabric Os | 2026-02-26 | 7.2 High |
| A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands. | ||||
| CVE-2025-9711 | 2 Broadcom, Brocade | 2 Fabric Operating System, Fabric Os | 2026-02-26 | 7.8 High |
| A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands. | ||||
| CVE-2025-67848 | 1 Moodle | 1 Moodle | 2026-02-26 | 8.1 High |
| A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted. | ||||
| CVE-2025-67849 | 1 Moodle | 1 Moodle | 2026-02-26 | 7.3 High |
| A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated. | ||||
| CVE-2025-67850 | 1 Moodle | 1 Moodle | 2026-02-26 | 7.3 High |
| A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions, the malicious code would execute in their web browsers, potentially compromising their data or leading to unauthorized actions. | ||||
| CVE-2024-4040 | 1 Crushftp | 1 Crushftp | 2026-02-26 | 9.8 Critical |
| A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. | ||||