Total CVEs: 142,027
Critical Severity: 3,943
High Severity: 14,108
Last 7 Days: 1,724
Showing 10,661 - 10,680 of 14,108 CVEs
CVE-2025-67840 HIGH - 7.2

Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ram) TranZman 4.0 Build 14614 through TZM_1757588060_SEP2025_FULL.depot web application API endpoints (including Scheduler and Actions pages). The appliance directly concatenates user-controlled paramet...

Vendor: cohesity
Product: tranzman
Published: Mar 03, 2026
Source: NVD
CVE-2025-63912 HIGH - 7.5

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptography algorithm for data encryption, allowing attackers to trivially reverse the encryption and expose credentials.

Vendor: cohesity
Product: tranzman
Published: Mar 03, 2026
Source: NVD
CVE-2025-63911 HIGH - 7.2

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability.

Vendor: cohesity
Product: tranzman
Published: Mar 03, 2026
Source: NVD
CVE-2025-63910 HIGH - 7.2

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file.

Vendor: cohesity
Product: tranzman
Published: Mar 03, 2026
Source: NVD
CVE-2025-63909 HIGH - 7.2

Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files.

Vendor: cohesity
Product: tranzman
Published: Mar 03, 2026
Source: NVD
CVE-2021-35486 HIGH - 8.1

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie ...

Published: Mar 03, 2026
Source: NVD
CVE-2021-35485 HIGH - 8.0

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editin...

Vendor: nokia
Product: impact
Published: Mar 03, 2026
Source: NVD
CVE-2021-35484 HIGH - 8.2

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive ...

Vendor: nokia
Product: impact
Published: Mar 03, 2026
Source: NVD
CVE-2026-27905 HIGH - 8.1

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safe_extract_tarfile() function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's...

Vendor: pip
Product: bentoml
Published: Mar 03, 2026
Source: GitHub
CVE-2026-27601 HIGH - 7.5

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow. Untru...

Vendor: npm
Product: underscore
Published: Mar 03, 2026
Source: GitHub
CVE-2025-62817 HIGH - 7.5

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session->ncp_hdr_buf in __pilot_parsing_ncp() causes a denial of service.

Vendor: samsung
Product: exynos_1280_firmware
Published: Mar 03, 2026
Source: NVD
CVE-2025-66680 HIGH - 7.1

An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allows attackers to delete arbitrary files via a crafted request.

Vendor: wisecleaner
Product: wise_force_deleter
Published: Mar 03, 2026
Source: NVD
CVE-2025-66363 HIGH - 7.5

An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages.

Vendor: samsung
Product: exynos_2200_firmware
Published: Mar 03, 2026
Source: NVD
CVE-2025-62814 HIGH - 7.5

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service.

Vendor: samsung
Product: exynos_1280_firmware
Published: Mar 03, 2026
Source: NVD
CVE-2026-28518 HIGH - 7.8

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or driv...

Vendor: Volcengine
Product: OpenViking
Published: Mar 03, 2026
Source: NVD
CVE-2026-25673 HIGH - 7.5

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause de...

Vendor: djangoproject
Product: Django
Published: Mar 03, 2026
Source: NVD
CVE-2026-20777 HIGH - 8.1

A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Vendor: The Biosig Project
Product: libbiosig
Published: Mar 03, 2026
Source: NVD
CVE-2025-52365 HIGH - 7.8

A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). The vulnerability arises from improper input handling where command-line arguments are directly ...

Published: Mar 03, 2026
Source: NVD
CVE-2023-22648 HIGH - 8.0

An Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example...

Vendor: go
Product: github.com/rancher/rancher
Published: Mar 03, 2026
Source: GitHub
CVE-2026-3342 HIGH - 7.2

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up to and including 11.12.4_Update1, 12.0 up to and inc...

Vendor: watchguard
Product: fireware
Published: Mar 03, 2026
Source: NVD