Total
13751 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20783 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-02-26 | 6.7 Medium |
| In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4684. | ||||
| CVE-2026-1284 | 1 Dassault | 1 Edrawings | 2026-02-26 | 7.8 High |
| An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file. | ||||
| CVE-2025-68119 | 2 Golang, Gotoolchain | 2 Go, Cmd/go | 2026-02-26 | 7 High |
| Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths. | ||||
| CVE-2025-25249 | 1 Fortinet | 3 Fortios, Fortisase, Fortiswitchmanager | 2026-02-26 | 7.4 High |
| A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets | ||||
| CVE-2026-20407 | 2 Mediatek, Mediatk | 13 Mt7902, Mt7920, Mt7921 and 10 more | 2026-02-26 | 9.3 Critical |
| In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00464377; Issue ID: MSV-4905. | ||||
| CVE-2026-20408 | 2 Mediatek, Openwrt | 8 Mt6890, Mt7615, Mt7915 and 5 more | 2026-02-26 | 8.8 High |
| In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758. | ||||
| CVE-2026-20409 | 3 Google, Mediatek, Mediatk | 4 Android, Mt6897, Mt6989 and 1 more | 2026-02-26 | 7.8 High |
| In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779. | ||||
| CVE-2026-20410 | 2 Google, Mediatek | 6 Android, Mt6897, Mt6989 and 3 more | 2026-02-26 | 6.7 Medium |
| In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362552; Issue ID: MSV-5760. | ||||
| CVE-2026-20412 | 2 Google, Mediatek | 25 Android, Mt6878, Mt6879 and 22 more | 2026-02-26 | 7.8 High |
| In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5733. | ||||
| CVE-2026-20413 | 2 Google, Mediatek | 5 Android, Mt6899, Mt6991 and 2 more | 2026-02-26 | 6.7 Medium |
| In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362725; Issue ID: MSV-5694. | ||||
| CVE-2026-20417 | 2 Google, Mediatek | 4 Android, Mt6991, Mt6993 and 1 more | 2026-02-26 | 5.3 Medium |
| In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10314946 / ALPS10340155; Issue ID: MSV-5154. | ||||
| CVE-2026-20418 | 2 Google, Mediatek | 3 Matter, Mt7931, Mt7933 | 2026-02-26 | 9.8 Critical |
| In Thread, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00465153; Issue ID: MSV-4927. | ||||
| CVE-2026-1861 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-0659 | 1 Autodesk | 3 3ds Max, Arnold, Usd For Arnold | 2026-02-26 | 7.8 High |
| A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2026-0538 | 1 Autodesk | 1 3ds Max | 2026-02-26 | 7.8 High |
| A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2026-0537 | 1 Autodesk | 1 3ds Max | 2026-02-26 | 7.8 High |
| A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2026-0661 | 1 Autodesk | 1 3ds Max | 2026-02-26 | 7.8 High |
| A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2026-0536 | 1 Autodesk | 1 3ds Max | 2026-02-26 | 7.8 High |
| A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2026-0106 | 1 Google | 1 Android | 2026-02-26 | 9.3 Critical |
| In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-21304 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-02-26 | 7.8 High |
| InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||