Export limit exceeded: 335552 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 74807 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74807 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8747 | 1 Keras | 1 Keras | 2026-02-26 | 7.8 High |
| A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive. | ||||
| CVE-2025-9817 | 1 Wireshark | 1 Wireshark | 2026-02-26 | 7.8 High |
| SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service | ||||
| CVE-2025-9866 | 1 Google | 1 Chrome | 2026-02-26 | 8.8 High |
| Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-42951 | 1 Sap | 1 Business One | 2026-02-26 | 8.8 High |
| Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API.�As a result , it has a high impact on the confidentiality, integrity, and availability of the application. | ||||
| CVE-2025-36891 | 1 Google | 1 Android | 2026-02-26 | 8.8 High |
| Elevation of privilege | ||||
| CVE-2025-36898 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36899 | 1 Google | 1 Android | 2026-02-26 | 8.4 High |
| There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-8296 | 1 Ivanti | 1 Avalanche | 2026-02-26 | 7.2 High |
| SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution | ||||
| CVE-2025-8297 | 1 Ivanti | 1 Avalanche | 2026-02-26 | 7.2 High |
| Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution | ||||
| CVE-2025-36901 | 1 Google | 2 Android, Pixel | 2026-02-26 | 8.8 High |
| WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223. | ||||
| CVE-2025-36903 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36905 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-20037 | 1 Intel | 1 Converged Security And Management Engine | 2026-02-26 | 7.2 High |
| Time-of-check time-of-use race condition in firmware for some Intel(R) Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-36906 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36907 | 1 Google | 1 Android | 2026-02-26 | 7.3 High |
| In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-20053 | 1 Intel | 3 Processor, Xeon, Xeon Processors | 2026-02-26 | 7.2 High |
| Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-56190 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-20074 | 1 Intel | 1 Connectivity Performance Suite | 2026-02-26 | 7.8 High |
| Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40.24.11210 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-36887 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-7388 | 1 Progress | 2 Openedge, Progress | 2026-02-26 | 8.4 High |
| It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property with inadequate input validation leading to OS command injection. | ||||