Export limit exceeded: 74904 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74904 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48637 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-23352 | 1 Nvidia | 1 Virtual Gpu Manager | 2026-02-26 | 7.8 High |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-11795 | 1 Autodesk | 1 3ds Max | 2026-02-26 | 7.8 High |
| A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2025-48638 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-11621 | 1 Hashicorp | 2 Vault, Vault Enterprise | 2026-02-26 | 8.1 High |
| Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5, 1.19.11, and 1.16.27 | ||||
| CVE-2025-11797 | 1 Autodesk | 1 3ds Max | 2026-02-26 | 7.8 High |
| A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-48639 | 1 Google | 1 Android | 2026-02-26 | 7.3 High |
| In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-13042 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-48625 | 1 Google | 1 Android | 2026-02-26 | 7 High |
| In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-12100 | 1 Mongodb | 2 Connector For Bi, Mongodb | 2026-02-26 | 7.8 High |
| Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6. | ||||
| CVE-2025-10495 | 1 Lenovo | 5 App Store, Browser, Legion Zone and 2 more | 2026-02-26 | 7.5 High |
| A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code. | ||||
| CVE-2025-59500 | 1 Microsoft | 2 Azure, Azure Notification Service | 2026-02-26 | 7.7 High |
| Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59273 | 1 Microsoft | 3 Azure, Azure Event Grid, Azure Event Grid System | 2026-02-26 | 7.3 High |
| Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-46428 | 1 Dell | 1 Smartfabric Os10 | 2026-02-26 | 8.8 High |
| Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. | ||||
| CVE-2025-14322 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8 High |
| Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-46427 | 1 Dell | 1 Smartfabric Os10 | 2026-02-26 | 8.8 High |
| Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | ||||
| CVE-2025-14323 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8.8 High |
| Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-10680 | 1 Openvpn | 1 Openvpn | 2026-02-26 | 8.8 High |
| OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use | ||||
| CVE-2025-14328 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8.8 High |
| Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||
| CVE-2025-14329 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8.8 High |
| Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. | ||||