Export limit exceeded: 334968 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75335 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13761 | 1 Gitlab | 1 Gitlab | 2026-02-26 | 8 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a specially crafted webpage. | ||||
| CVE-2026-1283 | 1 Dassault | 1 Edrawings | 2026-02-26 | 7.8 High |
| A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file. | ||||
| CVE-2025-9222 | 1 Gitlab | 1 Gitlab | 2026-02-26 | 8.7 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown. | ||||
| CVE-2026-1284 | 1 Dassault | 1 Edrawings | 2026-02-26 | 7.8 High |
| An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file. | ||||
| CVE-2026-21884 | 1 Shopify | 2 React-router, Remix-run\/react | 2026-02-26 | 8.2 High |
| React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's <ScrollRestoration> API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys. There is no impact if server-side rendering in Framework Mode is disabled, or if Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>) is being used. This issue has been patched in @remix-run/react version 2.17.3 and react-router version 7.12.0. | ||||
| CVE-2026-22029 | 1 Shopify | 2 React-router, Remix-run\/react | 2026-02-26 | 8 High |
| React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (<BrowserRouter>) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0. | ||||
| CVE-2026-24747 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2026-02-26 | 8.8 High |
| PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue. | ||||
| CVE-2025-40536 | 1 Solarwinds | 1 Web Help Desk | 2026-02-26 | 8.1 High |
| SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality. | ||||
| CVE-2026-0492 | 1 Sap | 2 Hana, Hana Database | 2026-02-26 | 8.8 High |
| SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system�s confidentiality, integrity, and availability. | ||||
| CVE-2025-40537 | 1 Solarwinds | 1 Web Help Desk | 2026-02-26 | 7.5 High |
| SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions. | ||||
| CVE-2026-0507 | 1 Sap | 5 Application Server, Netweaver, Netweaver Abap and 2 more | 2026-02-26 | 8.4 High |
| Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system�s confidentiality, integrity, and availability. | ||||
| CVE-2026-0511 | 1 Sap | 1 Fiori | 2026-02-26 | 8.1 High |
| SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has high impact on confidentiality and integrity of the application ,availability is not impacted. | ||||
| CVE-2025-13774 | 1 Progress | 2 Flowmon, Flowmon Anomaly Detection System | 2026-02-26 | 8.8 High |
| A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands. | ||||
| CVE-2026-0891 | 1 Mozilla | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2026-02-26 | 8.1 High |
| Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2025-33217 | 1 Nvidia | 6 Display Driver, Geforce, Quadro and 3 more | 2026-02-26 | 7.8 High |
| NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. | ||||
| CVE-2025-33218 | 1 Nvidia | 6 Geforce, Gpu Display Driver, Quadro and 3 more | 2026-02-26 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure. | ||||
| CVE-2025-11669 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2026-02-26 | 8.1 High |
| Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality. | ||||
| CVE-2025-33219 | 1 Nvidia | 8 Display Driver, Driver, Geforce and 5 more | 2026-02-26 | 7.8 High |
| NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure. | ||||
| CVE-2025-13444 | 1 Progress | 6 Connection Manager For Objectscale, Ecs Connection Manager, Loadmaster and 3 more | 2026-02-26 | 8.4 High |
| OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters | ||||
| CVE-2025-33220 | 1 Nvidia | 6 Geforce, Quadro, Rtx and 3 more | 2026-02-26 | 7.8 High |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure. | ||||