Search Results (21005 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-31195 1 Altice 2 Gr140dg, Gr140ig 2026-06-18 8.8 High
OS command injection vulnerability in the ping diagnostic handler in /bin/httpd_clientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution.
CVE-2025-63705 1 Node Ts Ocr 1 Node Ts Ocr 2026-06-18 8.8 High
NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js.
CVE-2024-51092 1 Librenms 1 Librenms 2026-06-18 9.1 Critical
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's initRrdDirectory().
CVE-2025-41270 2 Waterfall, Waterfall-security 3 Wf-500, Wf-500, Wf-500 Firmware 2026-06-18 9.8 Critical
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
CVE-2025-41272 2 Waterfall, Waterfall-security 3 Wf-500, Wf-500, Wf-500 Firmware 2026-06-18 9.8 Critical
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
CVE-2025-41274 2 Waterfall, Waterfall-security 3 Wf-500, Wf-500, Wf-500 Firmware 2026-06-18 9.8 Critical
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
CVE-2026-8358 1 The Document Foundation 1 Libreoffice 2026-06-18 6.6 Medium
LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its allocation. In fixed versions records with a duplicate identifier are rejected.
CVE-2025-24118 1 Apple 2 Ipados, Macos 2026-06-18 9.8 Critical
The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.
CVE-2026-31196 1 Altice 2 Gr140dg, Gr140ig 2026-06-18 8.8 High
OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpd_clientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution.
CVE-2026-6040 1 The Document Foundation 1 Libreoffice 2026-06-18 7.3 High
A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed versions the position is bounds-checked before use.
CVE-2026-8357 1 The Document Foundation 1 Libreoffice 2026-06-18 7.8 High
LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold the largest possible nesting.
CVE-2026-28819 1 Apple 4 Ios And Ipados, Ipados, Iphone Os and 1 more 2026-06-18 5.4 Medium
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges.
CVE-2026-12318 1 Mozilla 1 Firefox 2026-06-17 7.3 High
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
CVE-2026-12161 1 Devolutions 1 Remote Desktop Manager 2026-06-17 8.8 High
Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alternate username and user interaction with the Elevate Shell action.
CVE-2026-22313 1 Radiflow 1 Isap Smart Collector 2026-06-17 9.1 Critical
The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying operating system.
CVE-2026-0147 1 Google 1 Android 2026-06-17 8.8 High
In __mfc_core_nal_q_get_dec_metadata_sei_nal of mfc_core_nal_q.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-47294 1 Microsoft 5 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 2 more 2026-06-17 8 High
Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-0149 1 Google 1 Android 2026-06-17 8.8 High
In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-0151 1 Google 1 Android 2026-06-17 8.8 High
In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-0138 1 Google 1 Android 2026-06-17 7.8 High
In lwis_io_buffer_write of lwis_io_buffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.