Export limit exceeded: 76324 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76324 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10882 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2026-02-26 | 7.8 High |
| AA maliciously crafted X_T file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-10883 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2026-02-26 | 7.8 High |
| A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-10884 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2026-02-26 | 7.8 High |
| AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-10886 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2026-02-26 | 7.8 High |
| A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2025-10887 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2026-02-26 | 7.8 High |
| A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2025-10888 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2026-02-26 | 7.8 High |
| AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-10889 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2026-02-26 | 7.8 High |
| A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2025-10898 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2026-02-26 | 7.8 High |
| AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-10899 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2026-02-26 | 7.8 High |
| AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-10900 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2026-02-26 | 7.8 High |
| AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-67722 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2026-02-26 | 7.8 High |
| FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to versions 16.0.45 and 17.0.24 of the FreePBX framework, an authenticated local privilege escalation exists in the deprecated FreePBX startup script `amportal`. In the deprecated `amportal` utility, the lookup for the `freepbx_engine` file occurs in `/etc/asterisk/` directories. Typically, these are configured by FreePBX as writable by the **asterisk** user and any members of the **asterisk** group. This means that a member of the **asterisk** group can add their own `freepbx_engine` file in `/etc/asterisk/` and upon `amportal` executing, it would exec that file with root permissions (even though the file was created and placed by a non-root user). Version 16.0.45 and 17.0.24 contain a fix for the issue. Other mitigation strategies are also available. Confirm only trusted local OS system users are members of the `asterisk` group. Look for suspicious files in the `/etc/asterisk/` directory (via Admin -> Config Edit in the GUI, or via CLI). Double-check that `live_dangerously = no` is set (or unconfigured, as the default is **no**) in `/etc/asterisk/asterisk.conf` file. Eliminate any unsafe custom use of Asterisk dial plan applications and functions that potentially can manipulate the file system, e.g., System(), FILE(), etc. | ||||
| CVE-2025-67736 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2026-02-26 | 7.2 High |
| The FreePBX module tts (Text to Speech) for FreePBX, an open-source web-based graphical user interface (GUI) that manages Asterisk. Versions prior to 16.0.5 and 17.0.5 are vulnerable to SQL injection by authenticated users with administrator access. Authenticated users with administrative access to the Administrator Control Panel (ACP) can leverage this SQL injection vulnerability to extract sensitive information from the database and execute code on the system as the `asterisk` user with chained elevation to `root` privileges. Users should upgrade to version 16.0.5 or 17.0.5 to receive a fix. | ||||
| CVE-2025-33189 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2026-02-26 | 7.8 High |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, information disclosure, or escalation of privileges. | ||||
| CVE-2025-33212 | 1 Nvidia | 1 Nemo | 2026-02-26 | 7.3 High |
| NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering. | ||||
| CVE-2025-33226 | 1 Nvidia | 1 Nemo | 2026-02-26 | 7.8 High |
| NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-14765 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-14766 | 4 Apple, Google, Linux and 1 more | 5 Macos, Chrome, V8 and 2 more | 2026-02-26 | 8.8 High |
| Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-33204 | 1 Nvidia | 1 Nemo | 2026-02-26 | 7.8 High |
| NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-14727 | 1 F5 | 1 Nginx Ingress Controller | 2026-02-26 | 8.3 High |
| A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-33205 | 1 Nvidia | 1 Nemo | 2026-02-26 | 7.3 High |
| NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. A successful exploit of this vulnerability may lead to code execution. | ||||