Total
337571 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-24289 | 2026-03-11 | N/A | 7.8 HIGH | ||
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-25178 | 2026-03-11 | N/A | 7.0 HIGH | ||
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-24288 | 2026-03-11 | N/A | 6.8 MEDIUM | ||
| Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack. | |||||
| CVE-2026-30984 | 2026-03-11 | N/A | 6.1 MEDIUM | ||
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence() causing an application crash. This vulnerability is fixed in 2.3.1.5. | |||||
| CVE-2026-25572 | 2026-03-11 | N/A | 5.1 MEDIUM | ||
| A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service. | |||||
| CVE-2026-24294 | 2026-03-11 | N/A | 7.8 HIGH | ||
| Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-25187 | 2026-03-11 | N/A | 7.8 HIGH | ||
| Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-13219 | 2026-03-11 | N/A | 5.9 MEDIUM | ||
| IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. | |||||
| CVE-2026-24287 | 2026-03-11 | N/A | 7.8 HIGH | ||
| External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-24295 | 2026-03-11 | N/A | 7.0 HIGH | ||
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-30983 | 2026-03-11 | N/A | 7.8 HIGH | ||
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in icFixXml() (strcpy) causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5. | |||||
| CVE-2026-26121 | 2026-03-11 | N/A | 7.5 HIGH | ||
| Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2026-25177 | 2026-03-11 | N/A | 8.8 HIGH | ||
| Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2026-24018 | 2026-03-11 | N/A | 7.8 HIGH | ||
| A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root. | |||||
| CVE-2026-24017 | 2026-03-11 | N/A | 8.1 HIGH | ||
| An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity. | |||||
| CVE-2026-28292 | 2026-03-11 | N/A | 9.8 CRITICAL | ||
| `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code execution on the host machine. Version 3.23.0 contains an updated fix for the vulnerability. | |||||
| CVE-2026-25170 | 2026-03-11 | N/A | 7.0 HIGH | ||
| Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-23665 | 2026-03-11 | N/A | 7.8 HIGH | ||
| Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-25166 | 2026-03-11 | N/A | 7.8 HIGH | ||
| Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally. | |||||
| CVE-2026-23654 | 2026-03-11 | N/A | 8.8 HIGH | ||
| Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network. | |||||