Export limit exceeded: 348230 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348230 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43615 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53762 | 1 Microsoft | 2 Office Purview, Purview | 2026-02-26 | 8.7 High |
| Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-6557 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-02-26 | 5.4 Medium |
| Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-5042 | 1 Autodesk | 2 Revit, Revit Lt | 2026-02-26 | 7.8 High |
| A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-6543 | 2 Citrix, Netscaler | 4 Netscaler Application Delivery Controller, Netscaler Gateway, Adc and 1 more | 2026-02-26 | 9.8 Critical |
| Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | ||||
| CVE-2025-40596 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2026-02-26 | 7.3 High |
| A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. | ||||
| CVE-2025-40597 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2026-02-26 | 7.5 High |
| A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. | ||||
| CVE-2025-33076 | 1 Ibm | 2 Engineering Systems Design Rhapsody, Rhapsody Design Manager | 2026-02-26 | 8.8 High |
| IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system. | ||||
| CVE-2025-33077 | 1 Ibm | 2 Engineering Systems Design Rhapsody, Rhapsody Design Manager | 2026-02-26 | 8.8 High |
| IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system. | ||||
| CVE-2025-33092 | 1 Ibm | 1 Db2 | 2026-02-26 | 7.8 High |
| IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system. | ||||
| CVE-2025-7848 | 1 Ni | 1 Labview | 2026-02-26 | 7.8 High |
| A memory corruption vulnerability due to improper input validation in lvpict.cpp exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. | ||||
| CVE-2025-7849 | 1 Ni | 1 Labview | 2026-02-26 | 7.8 High |
| A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. | ||||
| CVE-2025-7025 | 1 Rockwellautomation | 1 Arena | 2026-02-26 | 7.8 High |
| A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information. | ||||
| CVE-2025-7032 | 1 Rockwellautomation | 1 Arena | 2026-02-26 | 7.8 High |
| A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information. | ||||
| CVE-2025-7033 | 1 Rockwellautomation | 2 Arena, Arena Simulation | 2026-02-26 | 7.8 High |
| A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information. | ||||
| CVE-2025-6013 | 1 Hashicorp | 2 Vault, Vault Enterprise | 2026-02-26 | 6.5 Medium |
| Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24. | ||||
| CVE-2025-3354 | 1 Ibm | 1 Tivoli Monitoring | 2026-02-26 | 8.1 High |
| IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. | ||||
| CVE-2025-22417 | 1 Google | 1 Android | 2026-02-26 | 7.3 High |
| In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-22419 | 1 Google | 1 Android | 2026-02-26 | 7.3 High |
| In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-6634 | 1 Autodesk | 2 3ds Max, 3ds Max | 2026-02-26 | 7.8 High |
| A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2025-26416 | 1 Google | 1 Android | 2026-02-26 | 9.8 Critical |
| In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||