Export limit exceeded: 328243 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 328243 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (328243 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27059 | 1 Microsoft | 2 Excel, Office | 2025-07-30 | 7.6 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2021-21193 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-07-30 | 8.8 High |
| Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-22506 | 1 Microfocus | 1 Access Manager | 2025-07-30 | 7.5 High |
| Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage. | ||||
| CVE-2021-25370 | 1 Samsung | 1 Android | 2025-07-30 | 6.1 Medium |
| An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic. | ||||
| CVE-2021-22991 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2025-07-30 | 9.8 Critical |
| On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may theoretically allow bypass of URL based access control or remote code execution (RCE). Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | ||||
| CVE-2021-22205 | 1 Gitlab | 1 Gitlab | 2025-07-30 | 10 Critical |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. | ||||
| CVE-2021-21206 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-07-30 | 8.8 High |
| Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-32030 | 1 Asus | 4 Gt-ac2900, Gt-ac2900 Firmware, Lyra Mini and 1 more | 2025-07-30 | 9.8 Critical |
| The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations. Note: All versions of Lyra Mini and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability, Consumers can mitigate this vulnerability by disabling the remote access features from WAN. | ||||
| CVE-2021-1906 | 1 Qualcomm | 800 Apq8009, Apq8009 Firmware, Apq8009w and 797 more | 2025-07-30 | 6.2 Medium |
| Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | ||||
| CVE-2021-31755 | 1 Tenda | 2 Ac11, Ac11 Firmware | 2025-07-30 | 9.8 Critical |
| An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request. | ||||
| CVE-2021-28663 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-07-30 | 8.8 High |
| The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0. | ||||
| CVE-2021-31166 | 1 Microsoft | 7 Windows 10 1809, Windows 10 2004, Windows 10 20h2 and 4 more | 2025-07-30 | 9.8 Critical |
| HTTP Protocol Stack Remote Code Execution Vulnerability | ||||
| CVE-2021-28799 | 1 Qnap | 4 Hybrid Backup Sync, Qts, Quts Hero and 1 more | 2025-07-30 | 10 Critical |
| An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411 on QTS 4.3.3; versions prior to v16.0.0419 on QuTS hero h4.5.1; versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4. This issue does not affect: QNAP Systems Inc. HBS 2 . QNAP Systems Inc. HBS 1.3 . | ||||
| CVE-2021-21985 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-07-30 | 9.8 Critical |
| The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. | ||||
| CVE-2021-22894 | 1 Ivanti | 1 Connect Secure | 2025-07-30 | 8.8 High |
| A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. | ||||
| CVE-2021-22899 | 1 Ivanti | 1 Connect Secure | 2025-07-30 | 8.8 High |
| A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature | ||||
| CVE-2021-30533 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-07-30 | 6.5 Medium |
| Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe. | ||||
| CVE-2021-1675 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-07-30 | 7.8 High |
| Windows Print Spooler Remote Code Execution Vulnerability | ||||
| CVE-2021-31199 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-07-30 | 5.2 Medium |
| Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | ||||
| CVE-2021-31201 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-07-30 | 5.2 Medium |
| Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | ||||