Search Results (14132 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-1976 1 Broadcom 1 Fabric Operating System 2026-02-26 6.7 Medium
Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.
CVE-2025-37099 1 Hpe 1 Insight Remote Support 2026-02-26 9.8 Critical
A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.
CVE-2025-36014 1 Ibm 2 Integration Bus, Z\/os 2026-02-26 8.2 High
IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.
CVE-2025-25021 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2026-02-26 7.2 High
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code.
CVE-2025-47988 1 Microsoft 2 Azure Monitor, Azure Monitor Agent 2026-02-26 7.5 High
Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network.
CVE-2025-53547 1 Helm 1 Helm 2026-02-26 8.5 High
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and this file is written, can be crafted in a way that can cause execution if that same content were in a file that is executed (e.g., a bash.rc file or shell script). If the Chart.lock file is symlinked to one of these files updating dependencies will write the lock file content to the symlinked file. This can lead to unwanted execution. Helm warns of the symlinked file but did not stop execution due to symlinking. This issue has been resolved in Helm v3.18.4.
CVE-2025-33070 1 Microsoft 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more 2026-02-26 8.1 High
Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.
CVE-2024-51768 1 Hpe 1 Autopass License Server 2026-02-26 8 High
An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
CVE-2025-5309 1 Beyondtrust 2 Privileged Remote Access, Remote Support 2026-02-26 9.8 Critical
The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.
CVE-2025-5777 2 Citrix, Netscaler 4 Netscaler Application Delivery Controller, Netscaler Gateway, Adc and 1 more 2026-02-26 7.5 High
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
CVE-2025-37105 1 Hpe 1 Autopass License Server 2026-02-26 7.5 High
An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.
CVE-2025-36595 1 Dell 2 Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance 2026-02-26 7.2 High
Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
CVE-2025-54451 2 Samsung, Samsung Electronics 2 Magicinfo 9 Server, Magicinfo 9 Server 2026-02-26 9.8 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
CVE-2025-7361 2 Microsoft, Ni 2 Windows, Labview 2026-02-26 7.8 High
A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vulnerability affects 32-bit NI LabVIEW 2025 Q1 and prior versions. LabVIEW 64-bit versions do not support CIN nodes and are not affected.
CVE-2025-6204 1 3ds 1 Delmia Apriso 2026-02-26 8 High
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
CVE-2025-53767 1 Microsoft 3 Azure, Azure Open-ai, Azure Openai 2026-02-26 10 Critical
Azure OpenAI Elevation of Privilege Vulnerability
CVE-2025-8356 1 Xerox 1 Freeflow Core 2026-02-26 9.8 Critical
In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.
CVE-2025-32347 1 Google 1 Android 2026-02-26 7.8 High
In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2025-53759 1 Microsoft 13 365, 365 Apps, Excel and 10 more 2026-02-26 7.8 High
Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-50165 1 Microsoft 6 Server, Windows, Windows 11 24h2 and 3 more 2026-02-26 9.8 Critical
Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.