Export limit exceeded: 19584 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19584 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36324 | 1 Amd | 25 Amd Ryzen™ Ai 300 Series Processors, Radeon Pro V520, Radeon Pro V620 and 22 more | 2026-02-26 | 8.8 High |
| Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution. | ||||
| CVE-2026-1837 | 1 Google | 1 Libjxl | 2026-02-26 | 8.8 High |
| A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale color space. Buffers allocated for 1-float-per-pixel are used as if they are allocated for 3-float-per-pixel. That happens only if LCMS2 is used as CMS engine. There is another CMS engine available (selected by build flags). | ||||
| CVE-2026-2314 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-25108 | 2 Soliton, Soliton Systems K.k. | 2 Filezen, Filezen | 2026-02-26 | 8.8 High |
| FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command. | ||||
| CVE-2026-2630 | 1 Tenable | 1 Security Center | 2026-02-26 | 8.8 High |
| A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted. | ||||
| CVE-2026-0874 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2026-02-26 | 7.8 High |
| A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2026-0875 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2026-02-26 | 7.8 High |
| A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2026-0797 | 1 Gimp | 1 Gimp | 2026-02-26 | 8.8 High |
| GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28599. | ||||
| CVE-2026-2042 | 1 Nagios | 2 Host, Nagios Xi | 2026-02-26 | 8.8 High |
| Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the monitoringwizard module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28245. | ||||
| CVE-2026-2043 | 1 Nagios | 2 Host, Nagios Xi | 2026-02-26 | 8.8 High |
| Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the esensors_websensor_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28249. | ||||
| CVE-2026-2041 | 1 Nagios | 2 Host, Nagios Xi | 2026-02-26 | 8.8 High |
| Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the zabbixagent_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28250. | ||||
| CVE-2026-2045 | 1 Gimp | 1 Gimp | 2026-02-26 | 7.3 High |
| GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28265. | ||||
| CVE-2026-2047 | 1 Gimp | 1 Gimp | 2026-02-26 | 7.8 High |
| GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28530. | ||||
| CVE-2026-2048 | 1 Gimp | 1 Gimp | 2026-02-26 | 7.8 High |
| GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28591. | ||||
| CVE-2026-3062 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-13942 | 1 Zyxel | 36 Dx4510-b0, Dx4510-b0 Firmware, Dx4510-b1 and 33 more | 2026-02-26 | 9.8 Critical |
| A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests. | ||||
| CVE-2025-13943 | 1 Zyxel | 104 Am7510-00, Am7510-00 Firmware, Ax7501-b1 and 101 more | 2026-02-26 | 8.8 High |
| A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device. | ||||
| CVE-2026-1459 | 1 Zyxel | 12 Dx5401-b1, Dx5401-b1 Firmware, Emg3525-t50b and 9 more | 2026-02-26 | 7.2 High |
| A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.7)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected device. | ||||
| CVE-2026-2792 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 9.8 Critical |
| Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2793 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 9.8 Critical |
| Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||