Export limit exceeded: 74723 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74723 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4085 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-26 | 7.1 High |
| An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138. | ||||
| CVE-2025-5268 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2026-02-26 | 8.1 High |
| Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11. | ||||
| CVE-2025-36014 | 1 Ibm | 2 Integration Bus, Z\/os | 2026-02-26 | 8.2 High |
| IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory. | ||||
| CVE-2025-27700 | 1 Google | 1 Android | 2026-02-26 | 8.4 High |
| There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-5063 | 1 Google | 1 Chrome | 2026-02-26 | 8.8 High |
| Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-24338 | 2026-02-26 | 7.1 High | ||
| A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests. | ||||
| CVE-2025-5280 | 1 Google | 1 Chrome | 2026-02-26 | 8.8 High |
| Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-42953 | 1 Sap | 1 Netweaver | 2026-02-26 | 8.1 High |
| SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system. | ||||
| CVE-2025-24346 | 2026-02-26 | 7.5 High | ||
| A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP request. | ||||
| CVE-2025-42959 | 2026-02-26 | 8.1 High | ||
| An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability. | ||||
| CVE-2025-24351 | 2026-02-26 | 8.8 High | ||
| A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request. | ||||
| CVE-2025-25251 | 1 Fortinet | 1 Forticlient | 2026-02-26 | 7.4 High |
| An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages. | ||||
| CVE-2025-48734 | 2 Apache, Redhat | 8 Commons Beanutils, Amq Streams, Apache Camel Spring Boot and 5 more | 2026-02-26 | 8.8 High |
| Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default. Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty(). Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests. This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils 1.x are recommended to upgrade to version 1.11.0, which fixes the issue. Users of the artifact org.apache.commons:commons-beanutils2 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue. | ||||
| CVE-2025-2501 | 1 Lenovo | 2 Pc Manager, Pcmanager | 2026-02-26 | 7.8 High |
| An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. | ||||
| CVE-2025-2502 | 1 Lenovo | 2 Pc Manager, Pcmanager | 2026-02-26 | 7.8 High |
| An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. | ||||
| CVE-2025-21422 | 1 Qualcomm | 443 Aqt1000, Aqt1000 Firmware, Ar8035 and 440 more | 2026-02-26 | 7.1 High |
| Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses. | ||||
| CVE-2025-21432 | 1 Qualcomm | 493 Aqt1000, Aqt1000 Firmware, Ar8035 and 490 more | 2026-02-26 | 7.8 High |
| Memory corruption while retrieving the CBOR data from TA. | ||||
| CVE-2025-21444 | 1 Qualcomm | 54 Qam8255p, Qam8255p Firmware, Qam8295p and 51 more | 2026-02-26 | 7.8 High |
| Memory corruption while copying the result to the transmission queue in EMAC. | ||||
| CVE-2025-47971 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-26 | 7.8 High |
| Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-47985 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-26 | 7.8 High |
| Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally. | ||||