Export limit exceeded: 76324 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76324 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2795 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-26 | 8.8 High |
| Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | ||||
| CVE-2026-25747 | 1 Apache | 1 Camel | 2026-02-26 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. An attacker who can write to the LevelDB database files used by a Camel application can inject a crafted serialized Java object that, when deserialized during normal aggregation repository operations, results in arbitrary code execution in the context of the application. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.5, from 4.15.0 before 4.18.0. Users are recommended to upgrade to version 4.18.0, which fixes the issue. For the 4.10.x LTS releases, users are recommended to upgrade to 4.10.9, while for 4.14.x LTS releases, users are recommended to upgrade to 4.14.5 | ||||
| CVE-2026-24869 | 1 Mozilla | 1 Firefox | 2026-02-26 | 8.8 High |
| Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability affects Firefox < 147.0.2. | ||||
| CVE-2026-21721 | 1 Grafana | 2 Grafana, Grafana Enterprise | 2026-02-26 | 8.1 High |
| The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation. | ||||
| CVE-2026-1707 | 1 Pgadmin | 1 Pgadmin 4 | 2026-02-26 | 7.4 High |
| pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\unrestrict <key>`. This results in reliable command execution on the pgAdmin host during the restore operation. | ||||
| CVE-2025-67433 | 1 Open Tftp Server | 1 Open Tftp Server Multithreaded | 2026-02-26 | 7.5 High |
| A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service (DoS) via a crafted DATA packet. | ||||
| CVE-2025-37166 | 1 Hpe | 1 Aruba Instant On | 2026-02-26 | 7.5 High |
| A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor could leverage this vulnerability to conduct a Denial-of-Service attack on a target network. | ||||
| CVE-2025-12007 | 1 Supermicro | 1 Mbd-x13sem-f | 2026-02-26 | 8.4 High |
| There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image. | ||||
| CVE-2024-32902 | 1 Google | 1 Android | 2026-02-26 | 7.5 High |
| Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet) | ||||
| CVE-2024-22795 | 1 Forescout | 1 Secureconnector | 2026-02-26 | 7 High |
| Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component. | ||||
| CVE-2019-25363 | 2 Allok Soft, Alloksoft | 2 Wmv To Avi Mpeg Dvd Wmv Convertor, Wmv To Avi Mpeg Dvd Wmv Convertor | 2026-02-26 | 7.5 High |
| WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an application crash. | ||||
| CVE-2026-24129 | 1 Runtipi | 1 Runtipi | 2026-02-26 | 8.1 High |
| Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManager fails to sanitize the filenames of uploaded backups. The system persists user-uploaded files directly to the host filesystem using the raw originalname provided in the request. This allows an attacker to stage a file containing shell metacharacters (e.g., $(id).tar.gz) at a predictable path, which is later referenced during the restore process. The successful storage of the file is what allows the subsequent restore command to reference and execute it. This issue has been fixed in version 4.7.0. | ||||
| CVE-2026-25116 | 1 Runtipi | 1 Runtipi | 2026-02-26 | 7.6 High |
| Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the `UserConfigController` allows any remote user to overwrite the system's `docker-compose.yml` configuration file. By exploiting insecure URN parsing, an attacker can replace the primary stack configuration with a malicious one, resulting in full Remote Code Execution (RCE) and host filesystem compromise the next time the instance is restarted by the operator. Version 4.7.2 fixes the vulnerability. | ||||
| CVE-2026-25967 | 1 Imagemagick | 1 Imagemagick | 2026-02-26 | 7.4 High |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch. | ||||
| CVE-2026-25968 | 1 Imagemagick | 1 Imagemagick | 2026-02-26 | 7.4 High |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | ||||
| CVE-2026-2803 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-26 | 7.5 High |
| Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | ||||
| CVE-2026-2801 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-26 | 7.5 High |
| Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. | ||||
| CVE-2026-2790 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8.8 High |
| Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2781 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8.8 High |
| Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2767 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8.8 High |
| Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||