Export limit exceeded: 19216 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19216 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38025 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2026-02-10 | 7.2 High |
| Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | ||||
| CVE-2026-25857 | 1 Tenda | 1 G300-f | 2026-02-10 | N/A |
| Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality (formSetWanDiag). The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without adequate neutralization. As a result, a remote attacker with access to the affected management interface can inject additional shell syntax and execute arbitrary commands on the device with the privileges of the management process. | ||||
| CVE-2025-20993 | 1 Samsung | 1 Android | 2026-02-10 | 4 Medium |
| Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory. | ||||
| CVE-2026-26009 | 1 Karutoil | 1 Catalyst | 2026-02-10 | 10 Critical |
| Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or template.update permission can define arbitrary shell commands that achieve full root-level remote code execution on every node machine in the cluster. This vulnerability is fixed in commit 11980aaf3f46315b02777f325ba02c56b110165d. | ||||
| CVE-2025-52626 | 1 Hcltech | 1 Aion | 2026-02-10 | 4.5 Medium |
| A Potential Command Injection vulnerability in HCL AION. An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AION: 2.0 | ||||
| CVE-2025-47320 | 1 Qualcomm | 427 9206 Lte Modem, 9206 Lte Modem Firmware, Apq8017 and 424 more | 2026-02-10 | 7.8 High |
| Memory corruption while processing MFC channel configuration during music playback. | ||||
| CVE-2025-13447 | 1 Progress | 5 Connection Manager For Objectscale*, Ecs Connection Manager, Loadmaster and 2 more | 2026-02-10 | 8.4 High |
| OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters | ||||
| CVE-2026-24926 | 1 Huawei | 1 Harmonyos | 2026-02-10 | 8.4 High |
| Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24925 | 1 Huawei | 1 Harmonyos | 2026-02-10 | 7.3 High |
| Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24919 | 1 Huawei | 2 Emui, Harmonyos | 2026-02-10 | 6 Medium |
| Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2019-14193 | 1 Denx | 1 U-boot | 2026-02-10 | N/A |
| An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length. | ||||
| CVE-2023-52356 | 2 Libtiff, Redhat | 4 Libtiff, Ai Inference Server, Discovery and 1 more | 2026-02-10 | 7.5 High |
| A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. | ||||
| CVE-2026-25502 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-02-10 | 7.8 High |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, stack-based buffer overflow in icFixXml() function when processing malformed ICC profiles, allows potential arbitrary code execution through crafted NamedColor2 tags. This issue has been patched in version 2.3.1.2. | ||||
| CVE-2026-25063 | 1 Gradle | 1 Gradle-completion | 2026-02-10 | N/A |
| gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project containing a malicious Gradle build file. The `gradle-completion` script for Bash fails to adequately sanitize Gradle task names and task descriptions, allowing command injection via a malicious Gradle build file when the user completes a command in Bash (without them explicitly running any task in the build). For example, given a task description that includes a string between backticks, then that string would be evaluated as a command when presenting the task description in the completion list. While task execution is the core feature of Gradle, this inherent execution may lead to unexpected outcomes. The vulnerability does not affect zsh completion. The first patched version is 9.3.1. As a workaround, it is possible and effective to temporarily disable bash completion for Gradle by removing `gradle-completion` from `.bashrc` or `.bash_profile`. | ||||
| CVE-2020-37133 | 2 Ultravnc, Uvnc | 2 Ultravnc, Ultravnc | 2026-02-09 | 7.5 High |
| UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash. | ||||
| CVE-2020-37132 | 2 Ultravnc, Uvnc | 2 Ultravnc, Ultravnc | 2026-02-09 | 6.2 Medium |
| UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal launcher functionality. | ||||
| CVE-2020-37119 | 1 Nsasoft | 1 Nsauditor | 2026-02-09 | 9.8 Critical |
| Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a carefully constructed exploit. | ||||
| CVE-2023-53541 | 1 Linux | 1 Linux Kernel | 2026-02-09 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write When the oob buffer length is not in multiple of words, the oob write function does out-of-bounds read on the oob source buffer at the last iteration. Fix that by always checking length limit on the oob buffer read and fill with 0xff when reaching the end of the buffer to the oob registers. | ||||
| CVE-2025-69212 | 1 Devcode | 1 Openstamanager | 2026-02-09 | 8.8 High |
| OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a malicious filename to execute arbitrary system commands on the server. | ||||
| CVE-2025-57283 | 1 Browserstack | 1 Browserstack-local | 2026-02-09 | 7.8 High |
| The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js. | ||||