Export limit exceeded: 350338 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350338 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-36983 | 1 Dlink | 2 Dcs-932l, Dcs-932l Firmware | 2026-05-12 | 7.3 High |
| D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub_42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection. | ||||
| CVE-2026-23821 | 2026-05-12 | 7.2 High | ||
| A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. Note: Access Points running AOS-8 Instant software are not affected by this vulnerability. | ||||
| CVE-2026-23826 | 2026-05-12 | 7.5 High | ||
| A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitation could cause the affected service process to terminate unexpectedly, disrupting normal device operations. | ||||
| CVE-2026-44855 | 2026-05-12 | 7.2 High | ||
| Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system. | ||||
| CVE-2026-44858 | 2026-05-12 | 7.2 High | ||
| Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system. | ||||
| CVE-2026-44859 | 2026-05-12 | 7.2 High | ||
| Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system. | ||||
| CVE-2026-44860 | 2026-05-12 | 7.2 High | ||
| SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2026-44861 | 2026-05-12 | 7.2 High | ||
| SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2026-44862 | 2026-05-12 | 7.2 High | ||
| SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2026-44864 | 2026-05-12 | 7.2 High | ||
| SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters that are passed unsanitized to backend database queries. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2026-44865 | 2026-05-12 | 7.2 High | ||
| Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2026-44866 | 2026-05-12 | 7.2 High | ||
| Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2026-44867 | 2026-05-12 | 7.2 High | ||
| Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2026-44868 | 2026-05-12 | 7.2 High | ||
| Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2026-44869 | 2026-05-12 | 7.2 High | ||
| Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2026-44870 | 2026-05-12 | 7.2 High | ||
| Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2026-44873 | 2026-05-12 | 5.4 Medium | ||
| A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with compromised credentials could exploit this behavior to maintain unauthorized access even after the account has been disabled. | ||||
| CVE-2026-40360 | 1 Microsoft | 8 365 Apps, Excel 2016, Office 2019 and 5 more | 2026-05-12 | 7.8 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-41095 | 1 Microsoft | 12 Windows Server 2012 R2, Windows Server 2012 R2, Windows Server 2012 R2 (server Core Installation) and 9 more | 2026-05-12 | 7.8 High |
| Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-41100 | 1 Microsoft | 2 365 Copilot Android, 365 Copilot Android | 2026-05-12 | 4.4 Medium |
| Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally. | ||||