Export limit exceeded: 364285 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6808 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6940 | 1 Lfprojects | 1 Mlflow | 2025-05-07 | 8.8 High |
| with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system. | ||||
| CVE-2023-41282 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-05-07 | 5.5 Medium |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2023-47562 | 1 Qnap | 1 Photo Station | 2025-05-07 | 7.4 High |
| An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later | ||||
| CVE-2023-52529 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-05-07 | 6 Medium |
| In the Linux kernel, the following vulnerability has been resolved: HID: sony: Fix a potential memory leak in sony_probe() If an error occurs after a successful usb_alloc_urb() call, usb_free_urb() should be called. | ||||
| CVE-2025-3987 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-07 | 6.3 Medium |
| A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-57235 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-05-07 | 6.5 Medium |
| NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. | ||||
| CVE-2024-57234 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-05-07 | 6.5 Medium |
| NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. | ||||
| CVE-2024-57233 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-05-07 | 6.5 Medium |
| NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. | ||||
| CVE-2024-57232 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-05-07 | 6.5 Medium |
| NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. | ||||
| CVE-2024-57231 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-05-07 | 6.5 Medium |
| NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. | ||||
| CVE-2024-57230 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-05-07 | 6.5 Medium |
| NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. | ||||
| CVE-2024-57229 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-05-07 | 6.5 Medium |
| NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. | ||||
| CVE-2025-45042 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-05-07 | 9.8 Critical |
| Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. | ||||
| CVE-2021-26731 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2025-05-07 | 9.1 Critical |
| Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an authenticated attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | ||||
| CVE-2021-26729 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2025-05-07 | 10 Critical |
| Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | ||||
| CVE-2021-26727 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2025-05-07 | 10 Critical |
| Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | ||||
| CVE-2024-51186 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2025-05-07 | 8 High |
| D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions. | ||||
| CVE-2022-34439 | 1 Dell | 1 Emc Powerscale Onefs | 2025-05-07 | 5.3 Medium |
| Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node. | ||||
| CVE-2024-4311 | 2 Zenml, Zenmlio | 2 Zenml, Zenml | 2025-05-07 | 5.4 Medium |
| zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the absence of rate-limiting on the '/api/v1/current-user' endpoint, which does not restrict the number of attempts an attacker can make to guess the current password. Successful exploitation results in the attacker being able to change the password and take control of the account. | ||||
| CVE-2024-29435 | 1 Alldata | 1 Alldata | 2025-05-07 | 4.1 Medium |
| An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter. | ||||