Export limit exceeded: 334978 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 334978 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334978 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1212 | 2 Kemptechnologies, Progress | 2 Loadmaster, Loadmaster | 2026-02-26 | 10 Critical |
| Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. | ||||
| CVE-2025-64111 | 1 Gogs | 1 Gogs | 2026-02-26 | 9.8 Critical |
| Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev. | ||||
| CVE-2026-21275 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-02-26 | 7.8 High |
| InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-64175 | 1 Gogs | 1 Gogs | 2026-02-26 | 8.8 High |
| Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use any unused recovery code (e.g., from their own account) to bypass the victim’s 2FA. This enables full account takeover and renders 2FA ineffective in all environments where it's enabled.. This issue has been patched in versions 0.13.4 and 0.14.0+dev. | ||||
| CVE-2026-21304 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-02-26 | 7.8 High |
| InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-1731 | 1 Beyondtrust | 2 Privileged Remote Access, Remote Support | 2026-02-26 | 9.8 Critical |
| BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user. | ||||
| CVE-2026-21277 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-02-26 | 7.8 High |
| InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-25847 | 1 Jetbrains | 1 Pycharm | 2026-02-26 | 8.2 High |
| In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible | ||||
| CVE-2026-21280 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2026-02-26 | 8.6 High |
| Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed. | ||||
| CVE-2026-25848 | 1 Jetbrains | 1 Hub | 2026-02-26 | 9.1 Critical |
| In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible | ||||
| CVE-2026-21281 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2026-02-26 | 7.8 High |
| InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-26207 | 2026-02-26 | 5.4 Medium | ||
| Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, `discourse-policy` plugin allows any authenticated user to interact with policies on posts they do not have permission to view. The `PolicyController` loads posts by ID without verifying the current user's access, enabling policy group members to accept/unaccept policies on posts in private categories or PMs they cannot see and any authenticated user to enumerate which post IDs have policies attached via differentiated error responses (information disclosure). The issue is patched in versions 2025.12.2, 2026.1.1, and 2026.2.0 by adding a `guardian.can_see?(@post)` check in the `set_post` before_action, ensuring post visibility is verified before any policy action is processed. As a workaround, disabling the discourse-policy plugin (`policy_enabled = false`) eliminates the vulnerability. There is no other workaround without upgrading. | ||||
| CVE-2026-21419 | 1 Dell | 1 Display And Peripheral Manager | 2026-02-26 | 6.6 Medium |
| Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges | ||||
| CVE-2026-21283 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2026-02-26 | 7.8 High |
| Bridge versions 15.1.2, 16.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-0488 | 2 Sap, Sap Se | 4 Netweaver Application Server Abap, S\/4hana, Webclient Ui Framework and 1 more | 2026-02-26 | 9.9 Critical |
| An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impact on confidentiality, integrity, and availability. | ||||
| CVE-2026-21305 | 1 Adobe | 1 Substance 3d Painter | 2026-02-26 | 7.8 High |
| Substance3D - Painter versions 11.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-0508 | 2 Sap, Sap Se | 2 Businessobjects Business Intelligence Platform, Sap Business Objects Business Intgelligence Platform | 2026-02-26 | 7.3 High |
| The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled domain and subsequently download the malicious content. This vulnerability has a high impact on the confidentiality and integrity of the application, with no effect on the availability of the application. | ||||
| CVE-2026-21287 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2026-02-26 | 7.8 High |
| Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-23687 | 2 Sap, Sap Se | 2 Sap Basis, Sap Netweaver And Abap Platform | 2026-02-26 | 8.8 High |
| SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage. | ||||
| CVE-2023-6549 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2026-02-26 | 8.2 High |
| Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read | ||||