Export limit exceeded: 41588 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (41588 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7775 | 2 Citrix, Netscaler | 4 Netscaler Application Delivery Controller, Netscaler Gateway, Adc and 1 more | 2026-02-26 | 9.8 Critical |
| Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX | ||||
| CVE-2025-8424 | 1 Netscaler | 2 Adc, Gateway | 2026-02-26 | N/A |
| Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access | ||||
| CVE-2025-57803 | 1 Imagemagick | 1 Imagemagick | 2026-02-26 | 7.5 High |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. This issue has been patched in versions 6.9.13-28 and 7.1.2-2. | ||||
| CVE-2025-47317 | 1 Qualcomm | 107 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 104 more | 2026-02-26 | 7.8 High |
| Memory corruption due to global buffer overflow when a test command uses an invalid payload type. | ||||
| CVE-2025-27053 | 1 Qualcomm | 639 215 Mobile Platform, 215 Mobile Platform Firmware, 315 5g Iot Modem and 636 more | 2026-02-26 | 7.8 High |
| Memory corruption during PlayReady APP usecase while processing TA commands. | ||||
| CVE-2025-10502 | 4 Apple, Google, Linux and 1 more | 5 Macos, Angle, Chrome and 2 more | 2026-02-26 | 8.8 High |
| Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High) | ||||
| CVE-2025-10892 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-47341 | 1 Qualcomm | 63 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 60 more | 2026-02-26 | 7.8 High |
| memory corruption while processing an image encoding completion event. | ||||
| CVE-2025-47347 | 2 Qnx, Qualcomm | 76 Qnx, Qam8255p, Qam8255p Firmware and 73 more | 2026-02-26 | 7.8 High |
| Memory corruption while processing control commands in the virtual memory management interface. | ||||
| CVE-2025-20352 | 1 Cisco | 4 Ios, Ios Xe, Ios Xe Sd-wan and 1 more | 2026-02-26 | 7.7 High |
| A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software. To cause the DoS, the attacker must have the SNMPv2c or earlier read-only community string or valid SNMPv3 user credentials. An authenticated, remote attacker with high privileges could execute code as the root user on an affected device that is running Cisco IOS XE Software. To execute code as the root user, the attacker must have the SNMPv1 or v2c read-only community string or valid SNMPv3 user credentials and administrative or privilege 15 credentials on the affected device. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device over IPv4 or IPv6 networks. This vulnerability is due to a stack overflow condition in the SNMP subsystem of the affected software. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system. Note: This vulnerability affects all versions of SNMP. | ||||
| CVE-2025-47351 | 1 Qualcomm | 57 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 54 more | 2026-02-26 | 7.8 High |
| Memory corruption while processing user buffers. | ||||
| CVE-2025-20338 | 1 Cisco | 2 Ios Xe, Ios Xe Software | 2026-02-26 | 6 Medium |
| A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root. | ||||
| CVE-2025-59251 | 1 Microsoft | 1 Edge Chromium | 2026-02-26 | 7.6 High |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2025-20333 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense, Firepower Threat Defense Software | 2026-02-26 | 9.9 Critical |
| A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device. | ||||
| CVE-2025-20363 | 1 Cisco | 9 Adaptive Security Appliance Software, Asr 9001, Firepower Threat Defense and 6 more | 2026-02-26 | 9 Critical |
| A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR Software) with low user privileges to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web service on an affected device after obtaining additional information about the system, overcoming exploit mitigations, or both. A successful exploit could allow the attacker to execute arbitrary code as root, which may lead to the complete compromise of the affected device. For more information about this vulnerability, see the Details ["#details"] section of this advisory. | ||||
| CVE-2025-34523 | 1 Arcserve | 1 Udp | 2026-02-26 | 9.8 Critical |
| A heap-based buffer overflow vulnerability exists in the exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). This flaw is reachable without authentication and results from improper bounds checking when processing attacker-controlled input. By sending specially crafted data, a remote attacker can corrupt heap memory, potentially causing a denial of service or enabling arbitrary code execution depending on the memory layout and exploitation techniques used. This vulnerability is similar in nature to CVE-2025-34522 but affects a separate code path or component. No user interaction is required, and exploitation occurs in the context of the vulnerable process. This vulnerability affects all UDP versions prior to 10.2. UDP 10.2 includes the necessary patches and requires no action. Versions 8.0 through 10.1 are supported and require either patch application or upgrade to 10.2. Versions 7.x and earlier are unsupported or out of maintenance and must be upgraded to 10.2 to remediate the issue. | ||||
| CVE-2025-34522 | 1 Arcserve | 1 Udp | 2026-02-26 | 9.8 Critical |
| A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). This flaw can be triggered without authentication by sending specially crafted input to the target system. Improper bounds checking allows an attacker to overwrite heap memory, potentially leading to application crashes or remote code execution. Exploitation occurs in the context of the affected process and does not require user interaction. The vulnerability poses a high risk due to its pre-authentication nature and potential for full compromise. This vulnerability affects all UDP versions prior to 10.2. UDP 10.2 includes the necessary patches and requires no action. Versions 8.0 through 10.1 are supported and require either patch application or upgrade to 10.2. Versions 7.x and earlier are unsupported or out of maintenance and must be upgraded to 10.2 to remediate the issue. | ||||
| CVE-2025-7493 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2026-02-26 | 9.1 Critical |
| A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration. | ||||
| CVE-2025-6034 | 1 Ni | 1 Circuit Design Suite | 2026-02-26 | 7.8 High |
| There is a memory corruption vulnerability due to an out of bounds read in DefaultFontOptions() when using SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.1 and prior versions. | ||||
| CVE-2025-37729 | 1 Elastic | 1 Elastic Cloud Enterprise | 2026-02-26 | 9.1 Critical |
| Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated. | ||||