Export limit exceeded: 325294 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (325294 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22998 | 1 Linux | 1 Linux Kernel | 2026-02-26 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec Commit efa56305908b ("nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length") added ttag bounds checking and data_offset validation in nvmet_tcp_handle_h2c_data_pdu(), but it did not validate whether the command's data structures (cmd->req.sg and cmd->iov) have been properly initialized before processing H2C_DATA PDUs. The nvmet_tcp_build_pdu_iovec() function dereferences these pointers without NULL checks. This can be triggered by sending H2C_DATA PDU immediately after the ICREQ/ICRESP handshake, before sending a CONNECT command or NVMe write command. Attack vectors that trigger NULL pointer dereferences: 1. H2C_DATA PDU sent before CONNECT → both pointers NULL 2. H2C_DATA PDU for READ command → cmd->req.sg allocated, cmd->iov NULL 3. H2C_DATA PDU for uninitialized command slot → both pointers NULL The fix validates both cmd->req.sg and cmd->iov before calling nvmet_tcp_build_pdu_iovec(). Both checks are required because: - Uninitialized commands: both NULL - READ commands: cmd->req.sg allocated, cmd->iov NULL - WRITE commands: both allocated | ||||
| CVE-2026-22999 | 1 Linux | 1 Linux Kernel | 2026-02-26 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF. | ||||
| CVE-2026-22997 | 1 Linux | 1 Linux Kernel | 2026-02-26 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts Since j1939_session_deactivate_activate_next() in j1939_tp_rxtimer() is called only when the timer is enabled, we need to call j1939_session_deactivate_activate_next() if we cancelled the timer. Otherwise, refcount for j1939_session leaks, which will later appear as | unregister_netdevice: waiting for vcan0 to become free. Usage count = 2. problem. | ||||
| CVE-2025-6298 | 2 Axis, Axis Communications Ab | 2 Axis Os, Axis Os | 2026-02-26 | 6.7 Medium |
| ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-59241 | 1 Microsoft | 6 Windows, Windows 11, Windows 11 24h2 and 3 more | 2026-02-26 | 7.8 High |
| Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-5452 | 2 Axis, Axis Communications Ab | 234 A1210 \(-b\), A1214, A1601 and 231 more | 2026-02-26 | 6.6 Medium |
| A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-59230 | 1 Microsoft | 31 Remote, Windows, Windows 10 and 28 more | 2026-02-26 | 7.8 High |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-6571 | 2 Axis, Axis Communications Ab | 2 Axis Os, Axis Os | 2026-02-26 | 6 Medium |
| A 3rd-party component exposed its password in process arguments, allowing for low-privileged users to access it. | ||||
| CVE-2025-59285 | 1 Microsoft | 3 Azure, Azure Monitor, Azure Monitor Agent | 2026-02-26 | 7 High |
| Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-6779 | 2 Axis, Axis Communications Ab | 234 A1210 \(-b\), A1214, A1601 and 231 more | 2026-02-26 | 6.7 Medium |
| An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-59287 | 1 Microsoft | 12 Server, Server Service, Windows Server and 9 more | 2026-02-26 | 9.8 Critical |
| Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-8108 | 2 Axis, Axis Communications Ab | 234 A1210 \(-b\), A1214, A1601 and 231 more | 2026-02-26 | 6.7 Medium |
| An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-54280 | 1 Adobe | 1 Substance 3d Viewer | 2026-02-26 | 7.8 High |
| Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-9055 | 3 Axis, Axis Communications Ab, Linux | 3 Axis Os, Axis Os, Linux | 2026-02-26 | 6.4 Medium |
| The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account. | ||||
| CVE-2025-54273 | 1 Adobe | 1 Substance 3d Viewer | 2026-02-26 | 7.8 High |
| Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-7429 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2026-02-26 | 7.3 High |
| Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report. | ||||
| CVE-2025-54274 | 1 Adobe | 1 Substance 3d Viewer | 2026-02-26 | 7.8 High |
| Substance3D - Viewer versions 0.25.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-7430 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2026-02-26 | 7.3 High |
| Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report. | ||||
| CVE-2025-54276 | 1 Adobe | 1 Substance 3d Modeler | 2026-02-26 | 7.8 High |
| Substance3D - Modeler versions 1.22.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-7632 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2026-02-26 | 7.3 High |
| Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report. | ||||