Export limit exceeded: 19433 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19433 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6771 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-07-13 | 7.2 High |
| OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution | ||||
| CVE-2025-20684 | 1 Mediatek | 4 Mt7615, Mt7622, Mt7663 and 1 more | 2025-07-13 | 9.8 Critical |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416939; Issue ID: MSV-3422. | ||||
| CVE-2025-47228 | 1 Scriptcase | 1 Scriptcase | 2025-07-13 | 6.7 Medium |
| In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests. | ||||
| CVE-2025-1229 | 1 Olajowon | 1 Loggrove | 2025-07-13 | 6.3 Medium |
| A vulnerability classified as critical was found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected by this vulnerability is an unknown functionality of the file /read/?page=1&logfile=eee&match=. The manipulation of the argument path leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | ||||
| CVE-2024-40641 | 1 Projectdiscovery | 1 Nuclei | 2025-07-13 | 7.4 High |
| Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In this case, users can execute arbitrary commands. (Although, as far as I know, most web applications use -t to execute). This issue has been addressed in version 3.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-32672 | 1 Samsung Open Source | 1 Escargot | 2025-07-13 | 5.3 Medium |
| A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows remote attackers to cause a denial of service via crafted input. This issue affects Escargot: 4.0.0. | ||||
| CVE-2024-3346 | 1 Byzoro | 1 Smart S80 | 2025-07-13 | 6.3 Medium |
| A vulnerability was found in Byzoro Smart S80 up to 20240328. It has been declared as critical. This vulnerability affects unknown code of the file /log/webmailattach.php. The manipulation of the argument mail_file_path leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259450 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-13170 | 1 Ivanti | 1 Endpoint Manager | 2025-07-13 | 7.5 High |
| An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-20295 | 1 Cisco | 1 Integrated Management Controller | 2025-07-13 | 8.8 High |
| A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | ||||
| CVE-2024-39840 | 1 Factorio | 1 Factorio | 2025-07-13 | 8.8 High |
| Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects. | ||||
| CVE-2025-20014 | 1 Myscada | 1 Mypro Manager | 2025-07-13 | 9.8 Critical |
| mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system. | ||||
| CVE-2024-4696 | 1 Lenovo | 1 Service Bridge | 2025-07-12 | 7.5 High |
| A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited. | ||||
| CVE-2024-0074 | 1 Nvidia | 1 Gpu Display Driver | 2025-07-12 | 7.1 High |
| NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering. | ||||
| CVE-2024-38510 | 1 Lenovo | 1 Xclarity Controller | 2025-07-12 | 7.2 High |
| A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. | ||||
| CVE-2024-23608 | 1 Ni | 1 Labview | 2025-07-12 | 7.8 High |
| An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. | ||||
| CVE-2023-5912 | 1 Lenovo | 1 Notebook | 2025-07-12 | 6.7 Medium |
| A potential memory leakage vulnerability was reported in some Lenovo Notebook products that may allow a local attacker with elevated privileges to write to NVRAM variables. | ||||
| CVE-2021-47667 | 1 Zend | 1 Zendto | 2025-07-12 | 10 Critical |
| An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmp_name parameter when dropping off a file via a POST /dropoff request. | ||||
| CVE-2024-38512 | 1 Lenovo | 1 Xclarity Controller | 2025-07-12 | 7.2 High |
| A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. | ||||
| CVE-2024-25578 | 1 Microdicom | 1 Dicom Viewer | 2025-07-12 | 7.8 High |
| MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain a lack of proper validation of user-supplied data, which could result in memory corruption within the application. | ||||
| CVE-2025-35975 | 1 Microdicom | 1 Dicom Viewer | 2025-07-12 | 8.8 High |
| MicroDicom DICOM Viewer is vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code. The user must open a malicious DCM file for exploitation. | ||||