Export limit exceeded: 362599 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 16496 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (16496 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-3812 2 Linux, Redhat 7 Linux Kernel, Enterprise Linux, Rhel Aus and 4 more 2026-02-26 7.8 High
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2025-27516 3 Debian, Palletsprojects, Redhat 11 Debian Linux, Jinja, Ansible Automation Platform and 8 more 2026-02-26 8.8 High
Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6.
CVE-2025-24855 2 Redhat, Xmlsoft 8 Enterprise Linux, Openshift, Rhel Aus and 5 more 2026-02-26 7.8 High
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
CVE-2025-21171 4 Apple, Linux, Microsoft and 1 more 7 Macos, Linux Kernel, .net and 4 more 2026-02-26 7.5 High
.NET Remote Code Execution Vulnerability
CVE-2025-21176 4 Apple, Linux, Microsoft and 1 more 25 Macos, Linux Kernel, .net and 22 more 2026-02-26 8.8 High
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21172 4 Apple, Linux, Microsoft and 1 more 10 Macos, Linux Kernel, .net and 7 more 2026-02-26 7.5 High
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-24928 3 Netapp, Redhat, Xmlsoft 28 Active Iq Unified Manager, H300s, H300s Firmware and 25 more 2026-02-26 7.8 High
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
CVE-2024-11235 2 Php, Redhat 2 Php, Enterprise Linux 2026-02-26 8.1 High
In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??=  operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.
CVE-2023-42875 2 Apple, Redhat 12 Ipados, Iphone Os, Macos and 9 more 2026-02-26 7.3 High
Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.
CVE-2023-42970 2 Apple, Redhat 12 Ipados, Iphone Os, Macos and 9 more 2026-02-26 8.8 High
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.
CVE-2025-21587 2 Oracle, Redhat 13 Graalvm, Graalvm For Jdk, Java Se and 10 more 2026-02-26 7.4 High
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2025-26646 4 Apple, Linux, Microsoft and 1 more 9 Macos, Linux Kernel, .net and 6 more 2026-02-26 8 High
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
CVE-2025-4802 2 Gnu, Redhat 7 Glibc, Discovery, Enterprise Linux and 4 more 2026-02-26 7.8 High
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
CVE-2025-48734 2 Apache, Redhat 8 Commons Beanutils, Amq Streams, Apache Camel Spring Boot and 5 more 2026-02-26 8.8 High
Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default. Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty(). Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests. This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils 1.x are recommended to upgrade to version 1.11.0, which fixes the issue. Users of the artifact org.apache.commons:commons-beanutils2 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.
CVE-2025-32463 6 Canonical, Debian, Opensuse and 3 more 8 Ubuntu Linux, Debian Linux, Leap and 5 more 2026-02-26 9.3 Critical
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
CVE-2024-5154 2 Kubernetes, Redhat 4 Cri-o, Enterprise Linux, Openshift and 1 more 2026-02-25 8.1 High
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.
CVE-2023-7216 2 Gnu, Redhat 2 Cpio, Enterprise Linux 2026-02-25 5.3 Medium
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.
CVE-2024-1062 2 Fedoraproject, Redhat 16 Fedora, 389 Directory Server, Directory Server and 13 more 2026-02-25 5.5 Medium
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
CVE-2023-6917 2 Redhat, Sgi 2 Enterprise Linux, Performance Co-pilot 2026-02-25 6 Medium
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.
CVE-2023-5633 2 Linux, Redhat 23 Linux Kernel, Codeready Linux Builder, Codeready Linux Builder Eus and 20 more 2026-02-25 7.8 High
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.