Export limit exceeded: 20188 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20188 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7081 | 1 Belkin | 2 F9k1122, F9k1122 Firmware | 2025-07-09 | 6.3 Medium |
| A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this vulnerability is the function formSetWanStatic of the file /goform/formSetWanStatic of the component webs. The manipulation of the argument m_wan_ipaddr/m_wan_netmask/m_wan_gateway/m_wan_staticdns1/m_wan_staticdns2 is directly passed by the attacker/so we can control the m_wan_ipaddr/m_wan_netmask/m_wan_gateway/m_wan_staticdns1/m_wan_staticdns2 leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7082 | 1 Belkin | 2 F9k1122, F9k1122 Firmware | 2025-07-09 | 6.3 Medium |
| A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this issue is the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey of the component webs. The manipulation of the argument wan_ipaddr/wan_netmask/wan_gateway/wl_ssid is directly passed by the attacker/so we can control the wan_ipaddr/wan_netmask/wan_gateway/wl_ssid leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7083 | 1 Belkin | 2 F9k1122, F9k1122 Firmware | 2025-07-09 | 6.3 Medium |
| A vulnerability was found in Belkin F9K1122 1.00.33. It has been classified as critical. This affects the function mp of the file /goform/mp of the component webs. The manipulation of the argument command leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-20681 | 2 Mediatek, Openwrt | 7 Mt6890, Mt7615, Mt7622 and 4 more | 2025-07-09 | 9.8 Critical |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416936; Issue ID: MSV-3446. | ||||
| CVE-2025-20683 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-07-09 | 9.8 Critical |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416938; Issue ID: MSV-3444. | ||||
| CVE-2019-16639 | 1 Ruijie | 3 Eg-2000se, Eg-2000se Eg Rgos, Eg-2000se Firmware | 2025-07-09 | 9.8 Critical |
| An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker (who only has web interface access) to use TELNET commands and/or show admin passwords via the mode_url=exec&command= substring. This affects EG-2000SE EG_RGOS 11.9 B11P1. | ||||
| CVE-2023-51585 | 2 Power-software-download, Voltronicpower | 2 Viewpower, Viewpower | 2025-07-09 | N/A |
| Voltronic Power ViewPower USBCommEx shutdown Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. User interaction is required to exploit this vulnerability in that an administrator must trigger a shutdown operation. The specific flaw exists within the shutdown method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22071. | ||||
| CVE-2024-42815 | 1 Tp-link | 2 Re365, Re365 Firmware | 2025-07-09 | 9.8 Critical |
| In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | ||||
| CVE-2024-3126 | 1 Lollms | 1 Lollms Web Ui | 2025-07-09 | N/A |
| A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically within the 'lollms_xtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The affected function utilizes 'subprocess.Popen' to execute a command constructed with a Python f-string, without adequately sanitizing the 'xtts_base_url' input. This flaw allows attackers to execute arbitrary commands remotely by manipulating the 'xtts_base_url' parameter. The vulnerability affects versions up to and including the latest version before 9.5. Successful exploitation could lead to arbitrary remote code execution (RCE) on the system where the application is deployed. | ||||
| CVE-2024-1520 | 1 Lollms | 1 Lollms Web Ui | 2025-07-09 | N/A |
| An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise. | ||||
| CVE-2025-42971 | 2025-07-08 | 4 Medium | ||
| A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file extraction and file overwrite outside the intended directories. This vulnerability has low impact on the confidentiality, integrity and availability of the application. | ||||
| CVE-2012-5863 | 1 Sinapsitech | 4 Esolar Duo Photovoltaic System Monitor, Esolar Light Photovoltaic System Monitor, Esolar Photovoltaic System Monitor and 1 more | 2025-07-08 | N/A |
| These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating system. | ||||
| CVE-2023-50190 | 1 Trimble | 1 Sketchup Viewer | 2025-07-08 | N/A |
| Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21784. | ||||
| CVE-2024-43484 | 4 Apple, Linux, Microsoft and 1 more | 26 Macos, Linux Kernel, .net and 23 more | 2025-07-08 | 7.5 High |
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2022-22049 | 1 Microsoft | 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more | 2025-07-08 | 7.8 High |
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | ||||
| CVE-2022-22026 | 1 Microsoft | 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more | 2025-07-08 | 8.8 High |
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | ||||
| CVE-2022-24457 | 1 Microsoft | 1 Heif Image Extension | 2025-07-08 | 7.8 High |
| HEIF Image Extensions Remote Code Execution Vulnerability | ||||
| CVE-2022-24456 | 1 Microsoft | 1 Hevc Video Extensions | 2025-07-08 | 7.8 High |
| HEVC Video Extensions Remote Code Execution Vulnerability | ||||
| CVE-2022-24453 | 1 Microsoft | 1 Hevc Video Extensions | 2025-07-08 | 7.8 High |
| HEVC Video Extensions Remote Code Execution Vulnerability | ||||
| CVE-2022-22007 | 1 Microsoft | 1 Hevc Video Extensions | 2025-07-08 | 7.8 High |
| HEVC Video Extensions Remote Code Execution Vulnerability | ||||