Search Results (20271 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43548 | 3 Debian, Nodejs, Redhat | 5 Debian Linux, Node.js, Enterprise Linux and 2 more | 2025-04-30 | 8.1 High |
| An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks. The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. | ||||
| CVE-2023-47004 | 1 Redislabs | 1 Redisgraph | 2025-04-29 | 8.8 High |
| Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication. | ||||
| CVE-2022-44807 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2025-04-29 | 9.8 Critical |
| D-Link DIR-882 1.10B02 and 1.20B06 are vulnerable to Buffer Overflow via webGetVarString. | ||||
| CVE-2022-44806 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2025-04-29 | 9.8 Critical |
| D-Link DIR-882 1.10B02 and 1.20B06 are vulnerable to Buffer Overflow. | ||||
| CVE-2022-44804 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2025-04-29 | 9.8 Critical |
| D-Link DIR-882 1.10B02 and 1.20B06 are vulnerable to Buffer Overflow via the websRedirect function. | ||||
| CVE-2022-44202 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2025-04-29 | 9.8 Critical |
| D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow. | ||||
| CVE-2022-44169 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-29 | 7.5 High |
| Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer. | ||||
| CVE-2025-3729 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-29 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file backup.php of the component Database Backup Handler. The manipulation of the argument txtdbname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-44158 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-04-29 | 7.5 High |
| Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function set_device_name. | ||||
| CVE-2022-44156 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-29 | 7.5 High |
| Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind. | ||||
| CVE-2025-28137 | 1 Totolink | 2 A810r, A810r Firmware | 2025-04-29 | 9.8 Critical |
| The TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. | ||||
| CVE-2025-28034 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2025-04-29 | 9.8 Critical |
| TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function through the hostTime parameter. | ||||
| CVE-2022-44168 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-29 | 7.5 High |
| Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic. | ||||
| CVE-2022-44167 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-29 | 7.5 High |
| Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetPPTPServer. | ||||
| CVE-2022-44163 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-04-29 | 7.5 High |
| Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. | ||||
| CVE-2022-43171 | 1 Lief-project | 1 Lief | 2025-04-29 | 6.5 Medium |
| A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file. | ||||
| CVE-2022-41131 | 1 Apache | 2 Airflow, Apache-airflow-providers-apache-hive | 2025-04-29 | 7.8 High |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. | ||||
| CVE-2022-35407 | 1 Insyde | 1 Kernel | 2025-04-29 | 7.8 High |
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O. | ||||
| CVE-2025-28035 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2025-04-29 | 9.8 Critical |
| TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. | ||||
| CVE-2025-28036 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2025-04-29 | 9.8 Critical |
| TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. | ||||