Export limit exceeded: 334864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 334864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 334864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334864 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43314 | 1 Zyxel | 2 Pmg2005-t20b, Pmg2005-t20b Firmware | 2026-02-25 | 7.5 High |
| ** UNSUPPORTED WHEN ASSIGNED **The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an unauthenticated attacker to cause a denial of service condition via a crafted uid. | ||||
| CVE-2023-40283 | 4 Canonical, Debian, Linux and 1 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2026-02-25 | 7.8 High |
| An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. | ||||
| CVE-2023-40238 | 2 Fujitsu, Insyde | 373 Celsius C780, Celsius C780 Firmware, Celsius H5511 and 370 more | 2026-02-25 | 5.5 Medium |
| A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression. | ||||
| CVE-2023-39975 | 2 Mit, Redhat | 2 Kerberos 5, Enterprise Linux | 2026-02-25 | 8.8 High |
| kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another. | ||||
| CVE-2023-2976 | 2 Google, Redhat | 10 Guava, Amq Broker, Amq Streams and 7 more | 2026-02-25 | 5.5 Medium |
| Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows. | ||||
| CVE-2023-22522 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2026-02-25 | 8.8 High |
| This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. | ||||
| CVE-2022-41704 | 3 Apache, Debian, Redhat | 4 Batik, Debian Linux, Camel Spring Boot and 1 more | 2026-02-25 | 7.5 High |
| A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. | ||||
| CVE-2021-43113 | 2 Debian, Itextpdf | 2 Debian Linux, Itext | 2026-02-25 | 9.8 Critical |
| iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. | ||||
| CVE-2021-3347 | 4 Debian, Fedoraproject, Linux and 1 more | 10 Debian Linux, Fedora, Linux Kernel and 7 more | 2026-02-25 | 7.8 High |
| An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. | ||||
| CVE-2021-0642 | 1 Google | 1 Android | 2026-02-25 | 5.5 Medium |
| In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-185126149 | ||||
| CVE-2021-0641 | 1 Google | 1 Android | 2026-02-25 | 5.5 Medium |
| In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185235454 | ||||
| CVE-2021-0584 | 1 Google | 1 Android | 2026-02-25 | 5.5 Medium |
| In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-179289794 | ||||
| CVE-2020-14381 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-02-25 | 7.8 High |
| A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | ||||
| CVE-2026-2952 | 1 Vaelsys | 1 Vaelsys | 2026-02-25 | 7.3 High |
| A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-12343 | 2026-02-25 | 3.3 Low | ||
| A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions. | ||||
| CVE-2025-11847 | 1 Zyxel | 108 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 105 more | 2026-02-25 | 4.9 Medium |
| A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. | ||||
| CVE-2026-20122 | 2026-02-25 | 5.4 Medium | ||
| A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges. | ||||
| CVE-2025-11846 | 1 Zyxel | 108 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 105 more | 2026-02-25 | 4.9 Medium |
| A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. | ||||
| CVE-2025-13943 | 1 Zyxel | 104 Am7510-00, Am7510-00 Firmware, Ax7501-b1 and 101 more | 2026-02-25 | 8.8 High |
| A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device. | ||||
| CVE-2025-13942 | 1 Zyxel | 36 Dx4510-b0, Dx4510-b0 Firmware, Dx4510-b1 and 33 more | 2026-02-25 | 9.8 Critical |
| A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests. | ||||