Export limit exceeded: 17717 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (17717 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27220 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2026-03-11 | 7.8 High |
| Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-27267 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2026-03-11 | 7.8 High |
| Illustrator versions 29.8.4, 30.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-27268 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2026-03-11 | 5.5 Medium |
| Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-27270 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2026-03-11 | 5.5 Medium |
| Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-27271 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2026-03-11 | 7.8 High |
| Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-27272 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2026-03-11 | 7.8 High |
| Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21362 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2026-03-11 | 7.8 High |
| Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21333 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2026-03-11 | 8.6 High |
| Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-3538 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-11 | 8.8 High |
| Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-3537 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-11 | 8.8 High |
| Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-3536 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-11 | 8.8 High |
| Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-28711 | 2 Acronis, Microsoft | 3 Acronis Cyber Protect 17, Cyber Protect, Windows | 2026-03-11 | N/A |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | ||||
| CVE-2026-28722 | 2 Acronis, Microsoft | 3 Acronis Cyber Protect 17, Cyber Protect, Windows | 2026-03-11 | N/A |
| Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | ||||
| CVE-2026-28721 | 2 Acronis, Microsoft | 3 Acronis Cyber Protect 17, Cyber Protect, Windows | 2026-03-11 | N/A |
| Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | ||||
| CVE-2026-28717 | 2 Acronis, Microsoft | 3 Acronis Cyber Protect 17, Cyber Protect, Windows | 2026-03-11 | N/A |
| Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | ||||
| CVE-2026-28712 | 2 Acronis, Microsoft | 3 Acronis Cyber Protect 17, Cyber Protect, Windows | 2026-03-11 | N/A |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | ||||
| CVE-2021-40444 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2026-03-11 | 8.8 High |
| <p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.</p> <p>An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”.</p> <p>Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.</p> <p>Please see the <strong>Mitigations</strong> and <strong>Workaround</strong> sections for important information about steps you can take to protect your system from this vulnerability.</p> <p><strong>UPDATE</strong> September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.</p> | ||||
| CVE-2026-3787 | 3 Microsoft, Ultravnc, Uvnc | 3 Windows, Ultravnc, Ultravnc | 2026-03-10 | 7 High |
| A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the component Windows Service. This manipulation causes uncontrolled search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-15558 | 2 Docker, Microsoft | 4 Command Line Interface, Composer, Docker and 1 more | 2026-03-09 | 8.0 High |
| Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user. This issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager package, such as Docker Compose. This issue does not impact non-Windows binaries, and projects not using the plugin-manager code. | ||||
| CVE-2023-45243 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2026-03-06 | 5.5 Medium |
| Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. | ||||