Export limit exceeded: 335034 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335034 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12009 | 1 Zyxel | 76 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 73 more | 2026-02-26 | 7.2 High |
| A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. | ||||
| CVE-2024-12010 | 1 Zyxel | 82 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 79 more | 2026-02-26 | 7.2 High |
| A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. | ||||
| CVE-2025-27363 | 3 Debian, Freetype, Redhat | 9 Debian Linux, Freetype, Enterprise Linux and 6 more | 2026-02-26 | 8.1 High |
| An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild. | ||||
| CVE-2024-54085 | 2 Ami, Netapp | 19 Megarac Sp-x, H300s, H300s Firmware and 16 more | 2026-02-26 | 9.8 Critical |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | ||||
| CVE-2025-22454 | 1 Ivanti | 1 Secure Access Client | 2026-02-26 | 7.8 High |
| Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2023-40723 | 1 Fortinet | 1 Fortisiem | 2026-02-26 | 7.7 High |
| An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 allows attacker to execute unauthorized code or commands via api request. | ||||
| CVE-2024-45328 | 1 Fortinet | 1 Fortisandbox | 2026-02-26 | 7.1 High |
| An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu. | ||||
| CVE-2024-52961 | 1 Fortinet | 1 Fortisandbox | 2026-02-26 | 8.6 High |
| An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. | ||||
| CVE-2024-46663 | 1 Fortinet | 1 Fortimail | 2026-02-26 | 6.5 Medium |
| A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands. | ||||
| CVE-2024-45324 | 1 Fortinet | 5 Fortios, Fortipam, Fortiproxy and 2 more | 2026-02-26 | 7 High |
| A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands. | ||||
| CVE-2023-37933 | 1 Fortinet | 1 Fortiadc | 2026-02-26 | 8.6 High |
| An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPs requests. | ||||
| CVE-2024-54018 | 1 Fortinet | 1 Fortisandbox | 2026-02-26 | 6.5 Medium |
| Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests. | ||||
| CVE-2024-32123 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager | 2026-02-26 | 6.5 Medium |
| Multiple improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 and 5.6.0 through 5.6.11 and 5.4.0 through 5.4.7 and 5.2.0 through 5.2.10 and 5.0.0 through 5.0.12 and 4.3.4 through 4.3.8 allows attacker to execute unauthorized code or commands via crafted CLI requests. | ||||
| CVE-2025-27172 | 1 Adobe | 1 Substance 3d Designer | 2026-02-26 | 7.8 High |
| Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-21169 | 1 Adobe | 1 Substance 3d Designer | 2026-02-26 | 7.8 High |
| Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-26634 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-26 | 7.5 High |
| Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-24983 | 1 Microsoft | 8 Windows 10 1507, Windows 10 1607, Windows Server 2008 and 5 more | 2026-02-26 | 7 High |
| Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24984 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-02-26 | 4.6 Medium |
| Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. | ||||
| CVE-2025-24985 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-26 | 7.8 High |
| Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-24991 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-26 | 5.5 Medium |
| Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. | ||||