Export limit exceeded: 20193 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11548 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6482 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-37105 | 1 Hpe | 1 Autopass License Server | 2026-02-26 | 7.5 High |
| An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. | ||||
| CVE-2025-54451 | 2 Samsung, Samsung Electronics | 2 Magicinfo 9 Server, Magicinfo 9 Server | 2026-02-26 | 9.8 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | ||||
| CVE-2025-7361 | 2 Microsoft, Ni | 2 Windows, Labview | 2026-02-26 | 7.8 High |
| A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vulnerability affects 32-bit NI LabVIEW 2025 Q1 and prior versions. LabVIEW 64-bit versions do not support CIN nodes and are not affected. | ||||
| CVE-2025-6204 | 1 3ds | 1 Delmia Apriso | 2026-02-26 | 8 High |
| An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code. | ||||
| CVE-2025-8356 | 1 Xerox | 1 Freeflow Core | 2026-02-26 | 9.8 Critical |
| In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system. | ||||
| CVE-2025-42922 | 1 Sap | 4 Java As, Netweaver, Netweaver Java and 1 more | 2026-02-26 | 9.9 Critical |
| SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compromise of confidentiality, integrity and availability of the system. | ||||
| CVE-2025-23304 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2026-02-26 | 7.8 High |
| NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering. | ||||
| CVE-2025-23295 | 1 Nvidia | 1 Apex | 2026-02-26 | 7.8 High |
| NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-54466 | 1 Apache | 1 Ofbiz | 2026-02-26 | 6.3 Medium |
| Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended to upgrade to version 24.09.02, which fixes the issue. | ||||
| CVE-2025-23307 | 1 Nvidia | 2 Nemo, Nemo Curator | 2026-02-26 | 7.8 High |
| NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by an attacker could allow code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-23312 | 1 Nvidia | 1 Nemo | 2026-02-26 | 7.8 High |
| NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-23313 | 1 Nvidia | 1 Nemo | 2026-02-26 | 7.8 High |
| NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-23314 | 1 Nvidia | 1 Nemo | 2026-02-26 | 7.8 High |
| NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-23315 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2026-02-26 | 7.8 High |
| NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-11539 | 1 Grafana | 2 Grafana, Grafana-image-renderer | 2026-02-26 | 9.9 Critical |
| Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then loaded by the Chromium process. Instances are vulnerable if: 1. The default token ("authToken") is not changed, or is known to the attacker. 2. The attacker can reach the image renderer endpoint. This issue affects grafana-image-renderer: from 1.0.0 through 4.0.16. | ||||
| CVE-2025-59251 | 1 Microsoft | 1 Edge Chromium | 2026-02-26 | 7.6 High |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2025-31365 | 2 Apple, Fortinet | 3 Macos, Forticlient, Forticlientmac | 2026-02-26 | 5.5 Medium |
| An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website. | ||||
| CVE-2025-23361 | 1 Nvidia | 1 Nemo | 2026-02-26 | 7.8 High |
| NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-33178 | 1 Nvidia | 1 Nemo | 2026-02-26 | 7.8 High |
| NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to Code execution, Escalation of privileges, Information disclosure, and Data tampering. | ||||
| CVE-2025-61932 | 1 Motex | 1 Lanscope Endpoint Manager | 2026-02-26 | N/A |
| Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets. | ||||