Export limit exceeded: 20090 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20090 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45188 | 3 Debian, Fedoraproject, Netatalk | 3 Debian Linux, Fedora, Netatalk | 2026-02-13 | 7.8 High |
| Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). | ||||
| CVE-2018-1160 | 3 Debian, Netatalk, Synology | 7 Debian Linux, Netatalk, Diskstation Manager and 4 more | 2026-02-13 | 9.8 Critical |
| Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. | ||||
| CVE-2025-27487 | 1 Microsoft | 27 Remote Desktop, Remote Desktop Client, Windows 10 1507 and 24 more | 2026-02-13 | 8 High |
| Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-27477 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 8.8 High |
| Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-24063 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7.8 High |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-30376 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-02-13 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-29979 | 1 Microsoft | 11 365 Apps, Excel, Office and 8 more | 2026-02-13 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-29967 | 1 Microsoft | 25 Remote Desktop, Windows 10 1507, Windows 10 1607 and 22 more | 2026-02-13 | 8.8 High |
| Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-29966 | 1 Microsoft | 26 Remote Desktop, Windows 10 1507, Windows 10 1607 and 23 more | 2026-02-13 | 8.8 High |
| Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-51958 | 1 Aelsantex | 1 Runcommand | 2026-02-13 | 9.8 Critical |
| aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php. | ||||
| CVE-2026-25157 | 2 Apple, Openclaw | 2 Macos, Openclaw | 2026-02-13 | 7.8 High |
| OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the cd command failed, the unescaped path was interpolated directly into an echo statement, allowing arbitrary command execution on the remote SSH host. The parseSSHTarget function did not validate that SSH target strings could not begin with a dash. An attacker-supplied target like -oProxyCommand=... would be interpreted as an SSH configuration flag rather than a hostname, allowing arbitrary command execution on the local machine. This issue has been patched in version 2026.1.29. | ||||
| CVE-2026-24763 | 1 Openclaw | 1 Openclaw | 2026-02-13 | 8.8 High |
| OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the container context. This vulnerability is fixed in 2026.1.29. | ||||
| CVE-2024-56808 | 1 Qnap | 1 Media Streaming Add-on | 2026-02-12 | 7.8 High |
| A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later | ||||
| CVE-2025-64091 | 1 Zenitel | 3 Tcis-3, Tcis-3+, Tcis-3 Firmware | 2026-02-12 | 8.6 High |
| This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device. | ||||
| CVE-2025-56590 | 1 Apryse | 2 Html2pdf, Html2pdf Sdk | 2026-02-12 | 9.8 Critical |
| An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server. | ||||
| CVE-2025-57709 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 8.1 High |
| A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-54149 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 5.5 Medium |
| An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-54150 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 5.5 Medium |
| An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-54151 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 5.5 Medium |
| An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-30276 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-11 | 8.8 High |
| An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||