Export limit exceeded: 15132 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 41604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (41604 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20700 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-02-26 | 7.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report. | ||||
| CVE-2026-2004 | 1 Postgresql | 1 Postgresql | 2026-02-26 | 8.8 High |
| Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected. | ||||
| CVE-2026-2005 | 1 Postgresql | 1 Postgresql | 2026-02-26 | 8.8 High |
| Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected. | ||||
| CVE-2026-2006 | 1 Postgresql | 1 Postgresql | 2026-02-26 | 8.8 High |
| Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected. | ||||
| CVE-2025-52533 | 1 Amd | 36 Amd Ryzen™ Embedded V1000 Series Processors (formerly Codenamed , Athlon 3000 Series Mobile Processors With Radeon Graphics, Epyc 7001 Series Processors and 33 more | 2026-02-26 | N/A |
| Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity. | ||||
| CVE-2024-36319 | 1 Amd | 14 Instinct Mi300a, Instinct Mi300x, Instinct Mi308x and 11 more | 2026-02-26 | N/A |
| Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system. | ||||
| CVE-2026-2648 | 1 Google | 1 Chrome | 2026-02-26 | 8.8 High |
| Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High) | ||||
| CVE-2026-2650 | 1 Google | 1 Chrome | 2026-02-26 | 8.8 High |
| Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-30411 | 1 Acronis | 2 Acronis Cyber Protect 15, Acronis Cyber Protect 16 | 2026-02-26 | N/A |
| Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800. | ||||
| CVE-2025-30412 | 1 Acronis | 2 Acronis Cyber Protect 15, Acronis Cyber Protect 16 | 2026-02-26 | N/A |
| Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800. | ||||
| CVE-2026-0797 | 1 Gimp | 1 Gimp | 2026-02-26 | 8.8 High |
| GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28599. | ||||
| CVE-2026-2047 | 1 Gimp | 1 Gimp | 2026-02-26 | 7.8 High |
| GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28530. | ||||
| CVE-2026-3061 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-3062 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-3203 | 1 Wireshark | 1 Wireshark | 2026-02-26 | 5.5 Medium |
| RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service | ||||
| CVE-2026-24481 | 1 Imagemagick | 1 Imagemagick | 2026-02-26 | 7.5 High |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | ||||
| CVE-2026-3167 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-26 | 8.8 High |
| A security flaw has been discovered in Tenda F453 1.0.0.3. The impacted element is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component httpd. Performing a manipulation of the argument webSiteId results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-3168 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-26 | 8.8 High |
| A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromNatStaticSetting of the file /goform/NatStaticSetting of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-3169 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-26 | 8.8 High |
| A security vulnerability has been detected in Tenda F453 1.0.0.3. This impacts the function fromSafeEmailFilter of the file /goform/SafeEmailFilter of the component httpd. The manipulation of the argument page leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-14104 | 1 Redhat | 5 Ceph Storage, Enterprise Linux, Insights Proxy and 2 more | 2026-02-26 | 6.1 Medium |
| A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database. | ||||