Export limit exceeded: 23767 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20057 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20057 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43562 | 1 Adobe | 1 Coldfusion | 2026-02-26 | 9.1 Critical |
| ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. | ||||
| CVE-2025-1275 | 1 Autodesk | 12 Advance Steel, Autocad, Autocad Architecture and 9 more | 2026-02-26 | 7.8 High |
| A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-1276 | 1 Autodesk | 18 Advance Steel, Autocad, Autocad Architecture and 15 more | 2026-02-26 | 7.8 High |
| A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-2497 | 1 Autodesk | 1 Revit | 2026-02-26 | 7.8 High |
| A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2025-1273 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2026-02-26 | 7.8 High |
| A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-1656 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2026-02-26 | 7.8 High |
| A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-1277 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2026-02-26 | 7.8 High |
| A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2025-1274 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2026-02-26 | 7.8 High |
| A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-1976 | 1 Broadcom | 1 Fabric Operating System | 2026-02-26 | 6.7 Medium |
| Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. | ||||
| CVE-2025-20308 | 1 Cisco | 1 Spaces Connector | 2026-02-26 | 6 Medium |
| A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient restrictions during the execution of specific CLI commands. An attacker could exploit this vulnerability by logging in to the Cisco Spaces Connector CLI as the spacesadmin user and executing a specific command with crafted parameters. A successful exploit could allow the attacker to elevate privileges from the spacesadmin user and execute arbitrary commands on the underlying operating system as root. | ||||
| CVE-2025-20319 | 1 Splunk | 2 Splunk, Splunk Enterprise | 2026-02-26 | 6.8 Medium |
| In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and `list_inputs` capability , could perform a remote command execution due to improper user input sanitization on the scripted input files.<br><br>See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Setting up a scripted input ](https://docs.splunk.com/Documentation/Splunk/9.4.2/AdvancedDev/ScriptSetup)for more information. | ||||
| CVE-2025-5280 | 1 Google | 1 Chrome | 2026-02-26 | 8.8 High |
| Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-24351 | 2026-02-26 | 8.8 High | ||
| A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request. | ||||
| CVE-2025-20982 | 2 Samsung, Samsung Mobile | 2 Android, Samsung Mobile Devices | 2026-02-26 | 6.4 Medium |
| Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2025-20983 | 1 Samsung | 2 Android, Mobile | 2026-02-26 | 6.4 Medium |
| Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2025-47998 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2026-02-26 | 8.8 High |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-48805 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-26 | 7.8 High |
| Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally. | ||||
| CVE-2025-5419 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2026-02-26 | 8.8 High |
| Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-22481 | 1 Qnap | 2 Qts, Quts Hero | 2026-02-26 | 8.8 High |
| A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later | ||||
| CVE-2025-49537 | 1 Adobe | 1 Coldfusion | 2026-02-26 | 7.9 High |
| ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by a high-privileged attacker. Exploitation of this issue requires user interaction and scope is changed. The vulnerable component is restricted to internal IP addresses. | ||||