Search Results (14132 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-48558 1 Google 1 Android 2026-02-26 7.8 High
In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to Implicit intent hijacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48807 1 Microsoft 23 Hyper-v, Server, Windows and 20 more 2026-02-26 6.7 Medium
Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2025-43491 2 Hp, Microsoft 3 Poly Lens, Poly Lens Desktop, Windows 2026-02-26 9.8 Critical
A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted.
CVE-2025-23304 4 Apple, Linux, Microsoft and 1 more 4 Macos, Linux Kernel, Windows and 1 more 2026-02-26 7.8 High
NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering.
CVE-2025-23295 1 Nvidia 1 Apex 2026-02-26 7.8 High
NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-54466 1 Apache 1 Ofbiz 2026-02-26 6.3 Medium
Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended to upgrade to version 24.09.02, which fixes the issue.
CVE-2025-20371 1 Splunk 3 Splunk, Splunk Cloud Platform, Splunk Enterprise 2026-02-26 7.5 High
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.
CVE-2025-9905 1 Keras 1 Keras 2026-02-26 7.3 High
The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed. This is achieved by crafting a special .h5 archive file that uses the Lambda layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True option is not honored when reading .h5 archives. Note that the .h5/.hdf5 format is a legacy format supported by Keras 3 for backwards compatibility.
CVE-2025-23307 1 Nvidia 2 Nemo, Nemo Curator 2026-02-26 7.8 High
NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by an attacker could allow code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-23312 1 Nvidia 1 Nemo 2026-02-26 7.8 High
NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-23313 1 Nvidia 1 Nemo 2026-02-26 7.8 High
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-23314 1 Nvidia 1 Nemo 2026-02-26 7.8 High
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-23315 4 Apple, Linux, Microsoft and 1 more 4 Macos, Linux Kernel, Windows and 1 more 2026-02-26 7.8 High
NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-59251 1 Microsoft 1 Edge Chromium 2026-02-26 7.6 High
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-61884 1 Oracle 1 Configurator 2026-02-26 7.5 High
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2025-31365 2 Apple, Fortinet 3 Macos, Forticlient, Forticlientmac 2026-02-26 5.5 Medium
An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website.
CVE-2025-23361 1 Nvidia 1 Nemo 2026-02-26 7.8 High
NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-33178 1 Nvidia 1 Nemo 2026-02-26 7.8 High
NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to Code execution, Escalation of privileges, Information disclosure, and Data tampering.
CVE-2025-61955 1 F5 3 F5os, F5os-a, F5os-c 2026-02-26 7.8 High
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges.  A successful exploit may allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-61932 1 Motex 1 Lanscope Endpoint Manager 2026-02-26 N/A
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.