Search Results (10225 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26804 | 1 Microsoft | 1 365 Apps | 2025-07-22 | 7.8 High |
| Microsoft Office Graphics Remote Code Execution Vulnerability | ||||
| CVE-2022-44702 | 1 Microsoft | 3 Terminal, Windows 10, Windows 11 | 2025-07-22 | 7.8 High |
| Windows Terminal Remote Code Execution Vulnerability | ||||
| CVE-2022-44695 | 1 Microsoft | 7 365 Apps, Office, Office 2019 and 4 more | 2025-07-22 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2022-44694 | 1 Microsoft | 4 365 Apps, Office, Office 2019 and 1 more | 2025-07-22 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2022-44693 | 1 Microsoft | 7 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Foundation 2013 and 4 more | 2025-07-22 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2022-44692 | 1 Microsoft | 6 365 Apps, Office, Office 2019 and 3 more | 2025-07-22 | 7.8 High |
| Microsoft Office Graphics Remote Code Execution Vulnerability | ||||
| CVE-2022-44690 | 1 Microsoft | 6 Sharepoint Foundation, Sharepoint Foundation 2013, Sharepoint Server and 3 more | 2025-07-22 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2022-44676 | 1 Microsoft | 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more | 2025-07-22 | 8.1 High |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | ||||
| CVE-2022-44668 | 1 Microsoft | 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more | 2025-07-22 | 7.8 High |
| Windows Media Remote Code Execution Vulnerability | ||||
| CVE-2022-44667 | 1 Microsoft | 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more | 2025-07-22 | 7.8 High |
| Windows Media Remote Code Execution Vulnerability | ||||
| CVE-2022-41127 | 1 Microsoft | 11 Dynamics 365 Business Central, Dynamics 365 Business Central 2019, Dynamics 365 Business Central 2020 and 8 more | 2025-07-22 | 8.5 High |
| Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability | ||||
| CVE-2025-53832 | | | 2025-07-22 | 7.5 High |
| Lara Translate MCP Server is a Model Context Protocol (MCP) Server for Lara Translate API. Versions 0.0.11 and below contain a command injection vulnerability which exists in the @translated/lara-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. The server constructs and executes shell commands using unvalidated user input directly within command-line strings. This introduces the possibility of shell metacharacter injection (|, >, &&, etc.). This vulnerability is fixed in version 0.0.12. | ||||
| CVE-2025-54082 | | | 2025-07-22 | N/A |
| marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0, a vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated users to upload arbitrary files to any Laravel disk configured in the application. The vulnerability is due to missing authentication middleware (Nova and Nova.Auth) on the /nova-tiptap/api/file upload endpoint, the lack of validation on uploaded files (no MIME/type or extension restrictions), and the ability for an attacker to choose the disk parameter dynamically. This means an attacker can craft a custom form and send a POST request to /nova-tiptap/api/file, supplying a valid CSRF token, and upload executable or malicious files (e.g., .php, binaries) to public disks such as local, public, or s3. If a publicly accessible storage path is used (e.g. S3 with public access, or Laravel’s public disk), the attacker may gain the ability to execute or distribute arbitrary files — amounting to a potential Remote Code Execution (RCE) vector in some environments. This vulnerability was fixed in 5.7.0. | ||||
| CVE-2024-7760 | 1 Aimstack | 1 Aim | 2025-07-21 | 9.6 Critical |
| aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can be chained with other existing vulnerabilities such as remote code execution, denial of service, and arbitrary file read/write. | ||||
| CVE-2025-23217 | 1 Mitmproxy | 1 Mitmproxy | 2025-07-21 | N/A |
| mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server (bound to `*:8080` by default) to access mitmweb's internal API (bound to `127.0.0.1:8081` by default). In other words, while the client cannot access the API directly, they can access the API through the proxy. An attacker may be able to escalate this SSRF-style access to remote code execution. The mitmproxy and mitmdump tools are unaffected. Only mitmweb is affected. This vulnerability has been fixed in mitmproxy 11.1.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-27218 | 1 Sitecore | 2 Experience Manager, Experience Platform | 2025-07-21 | 5.3 Medium |
| Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization. | ||||
| CVE-2024-3403 | 1 Pribai | 1 Privategpt | 2025-07-17 | N/A |
| imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI to retrieve or disclose the contents of any file on the system. This vulnerability could lead to various impacts, including but not limited to remote code execution by obtaining private SSH keys, unauthorized access to private files, source code disclosure facilitating further attacks, and exposure of configuration files. | ||||
| CVE-2024-24724 | 1 Gibbonedu | 1 Gibbon | 2025-07-17 | 9.8 Critical |
| Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization. | ||||
| CVE-2024-10901 | 1 Dbgpt | 1 Db-gpt | 2025-07-17 | 9.8 Critical |
| In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/chart/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file system. This can potentially lead to Remote Code Execution (RCE) by writing malicious files such as `__init__.py` in Python's `/site-packages/` directory. | ||||
| CVE-2024-10835 | 1 Dbgpt | 1 Db-gpt | 2025-07-17 | 9.8 Critical |
| In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/sql/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the victim's file system. This can potentially lead to Remote Code Execution (RCE). | ||||