Export limit exceeded: 334978 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334978 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0537 | 1 Autodesk | 1 3ds Max | 2026-02-26 | 7.8 High |
| A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2026-20931 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-02-26 | 8 High |
| External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network. | ||||
| CVE-2026-0661 | 1 Autodesk | 1 3ds Max | 2026-02-26 | 7.8 High |
| A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2026-20948 | 1 Microsoft | 13 365 Apps, Office, Office 2019 and 10 more | 2026-02-26 | 7.8 High |
| Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-0660 | 1 Autodesk | 1 3ds Max | 2026-02-26 | 7.8 High |
| A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2026-20949 | 1 Microsoft | 6 365 Apps, Office 2021, Office 2024 and 3 more | 2026-02-26 | 7.8 High |
| Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-0662 | 1 Autodesk | 1 3ds Max | 2026-02-26 | 7.8 High |
| A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized. | ||||
| CVE-2026-20950 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-0536 | 1 Autodesk | 1 3ds Max | 2026-02-26 | 7.8 High |
| A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2026-20952 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-02-26 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-11730 | 1 Zyxel | 4 Atp Series Firmware, Usg20(w)-vpn Series Firmware, Usg Flex 50(w) Series Firmware and 1 more | 2026-02-26 | 7.2 High |
| A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50(W) series firmware versions from V5.35 through V5.41, and USG20(W)-VPN series firmware versions from V5.35 through V5.41 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected device by supplying a specially crafted string as an argument to the CLI command. | ||||
| CVE-2026-20957 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-02-26 | 7.8 High |
| Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2024-1709 | 1 Connectwise | 1 Screenconnect | 2026-02-26 | 10 Critical |
| ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. | ||||
| CVE-2025-13379 | 1 Ibm | 1 Aspera Console | 2026-02-26 | 8.6 High |
| IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | ||||
| CVE-2026-20941 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 2 more | 2026-02-26 | 7.8 High |
| Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-1707 | 1 Pgadmin | 1 Pgadmin 4 | 2026-02-26 | 7.4 High |
| pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\unrestrict <key>`. This results in reliable command execution on the pgAdmin host during the restore operation. | ||||
| CVE-2026-21268 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2026-02-26 | 8.6 High |
| Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed. | ||||
| CVE-2026-0106 | 1 Google | 1 Android | 2026-02-26 | 9.3 Critical |
| In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-21272 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2026-02-26 | 8.6 High |
| Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed. | ||||
| CVE-2026-24302 | 1 Microsoft | 1 Azure Arc | 2026-02-26 | 8.6 High |
| Azure Arc Elevation of Privilege Vulnerability | ||||