Export limit exceeded: 337517 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337517 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-33216 | 1 Nvidia | 1 Snap-4 Container | 2026-03-25 | 6.8 Medium |
| NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of service of the storage service to the host. | ||||
| CVE-2025-33242 | 1 Nvidia | 2 Dgx B300, Hgx B300 | 2026-03-25 | 5.9 Medium |
| NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering. | ||||
| CVE-2025-33244 | 1 Nvidia | 1 Apex | 2026-03-25 | 9 Critical |
| NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted data. This vulnerability affects environments that use PyTorch versions earlier than 2.6. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, data tampering, and information disclosure. | ||||
| CVE-2025-33238 | 1 Nvidia | 1 Triton Inference Server | 2026-03-25 | 7.5 High |
| NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service. | ||||
| CVE-2025-33254 | 1 Nvidia | 1 Triton Inference Server | 2026-03-25 | 7.5 High |
| NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A successful exploit of this vulnerability may lead to a denial of service. | ||||
| CVE-2026-24158 | 1 Nvidia | 1 Triton Inference Server | 2026-03-25 | 7.5 High |
| NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service. | ||||
| CVE-2026-24141 | 1 Nvidia | 1 Nvidia Model Optimizer | 2026-03-25 | 7.8 High |
| NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature, where a user could cause unsafe deserialization by providing a specially crafted input file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. | ||||
| CVE-2026-24157 | 1 Nvidia | 1 Nemo Framework | 2026-03-25 | 7.8 High |
| NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering. | ||||
| CVE-2026-24159 | 1 Nvidia | 1 Nemo Framework | 2026-03-25 | 7.8 High |
| NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering. | ||||
| CVE-2026-28425 | 1 Statamic | 2 Cms, Statamic | 2026-03-25 | 8 High |
| Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, an authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the application, including access to sensitive configuration, modification or exfiltration of data, and potential impact on availability. Exploitation is only possible where Antlers runs on user-controlled content—for example, content fields with Antlers explicitly enabled (requiring permission to configure fields and to edit entries), built-in config that supports Antlers such as Forms email notification settings (requiring configuration permission), or third-party addons that add Antlers-enabled fields to entries (for example, the SEO Pro addon). In each case the attacker must have the relevant control panel permissions. This has been fixed in 5.73.16 and 6.7.2. Users of addons that depend on Statamic should ensure that after updating they are running a patched Statamic version. | ||||
| CVE-2026-3912 | 1 Tibco | 2 Activematrix Businessworks, Enterprise Administrator | 2026-03-25 | N/A |
| Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour. | ||||
| CVE-2026-28841 | 1 Apple | 1 Macos | 2026-03-25 | 6.2 Medium |
| A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Tahoe 26.4. A buffer overflow may result in memory corruption and unexpected app termination. | ||||
| CVE-2026-28894 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-03-25 | 7.5 High |
| A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A remote attacker may be able to cause a denial-of-service. | ||||
| CVE-2026-20699 | 1 Apple | 1 Macos | 2026-03-25 | 6.2 Medium |
| A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data. | ||||
| CVE-2026-20637 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-03-25 | 6.2 Medium |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to cause unexpected system termination. | ||||
| CVE-2026-4689 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-03-25 | 10 Critical |
| Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4690 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-03-25 | 9.6 Critical |
| Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | ||||
| CVE-2026-4722 | 1 Mozilla | 1 Firefox | 2026-03-25 | 8.8 High |
| Privilege escalation in the IPC component. This vulnerability affects Firefox < 149 and Thunderbird < 149. | ||||
| CVE-2026-4725 | 1 Mozilla | 1 Firefox | 2026-03-25 | 9.3 Critical |
| Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149 and Thunderbird < 149. | ||||
| CVE-2026-33309 | 1 Langflow | 1 Langflow | 2026-03-25 | 10 Critical |
| Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to the root architectural issue within `LocalStorageService` remaining unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on the HTTP-layer `ValidatedFileName` dependency. This defense-in-depth failure leaves the `POST /api/v2/files/` endpoint vulnerable to Arbitrary File Write. The multipart upload filename bypasses the path-parameter guard, allowing authenticated attackers to write files anywhere on the host system, leading to Remote Code Execution (RCE). Version 1.9.0 contains an updated fix. | ||||