Export limit exceeded: 363281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (6779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-48746 1 Lensvisual 1 Lensvisual 2026-04-15 9.8 Critical
An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbitrary code via the Natural language processing component
CVE-2024-48747 1 Alist Project 1 Alist 2026-04-15 6.8 Medium
An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file.
CVE-2024-48841 2026-04-15 10 Critical
Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.
CVE-2024-48848 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2026-04-15 6.5 Medium
Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2024-47461 1 Arubanetworks 2 Arubaos, Instant 2026-04-15 7.2 High
An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying host operating system.
CVE-2024-49589 2026-04-15 6.5 Medium
Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on an user supplied argument (size).
CVE-2024-5023 1 Netflix 1 Consoleme 2026-04-15 N/A
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Netflix ConsoleMe allows Command Injection.This issue affects ConsoleMe: before 1.4.0.
CVE-2024-47460 1 Arubanetworks 2 Arubaos, Instant 2026-04-15 9 Critical
Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2024-5035 2026-04-15 N/A
The affected device expose a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with elevated privileges.This issue affects Archer C4500X: through 1_1.1.6.
CVE-2024-50591 1 Hasomed 1 Elefant Software Updater 2026-04-15 7.8 High
An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. The command injection can be exploited by communicating with the Elefant Update Service which is running as "SYSTEM" via Windows Named Pipes.The Elefant Software Updater (ESU) consists of two components. An ESU service which runs as "NT AUTHORITY\SYSTEM" and an ESU tray client which communicates with the service to update or repair the installation and is running with user permissions. The communication is implemented using named pipes. A crafted message of type "MessageType.SupportServiceInfos" can be sent to the local ESU service to inject commands, which are then executed as "NT AUTHORITY\SYSTEM".
CVE-2024-50955 1 Xinje 1 Xd5e-24r-e Firmware 2026-04-15 7.5 High
An issue in how XINJE XD5E-24R and XL5E-16T v3.5.3b handles TCP protocol messages allows attackers to cause a Denial of Service (DoS) via a crafted TCP message.
CVE-2024-51442 2026-04-15 8.8 High
Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file.
CVE-2024-4578 2026-04-15 8.4 High
This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges.
CVE-2024-44610 1 Pcan Ethernet 1 Gateway Fd 2026-04-15 5.6 Medium
PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php.
CVE-2024-44413 1 Dlink 1 Di-8200 Firmware 2026-04-15 8.8 High
A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.
CVE-2024-44335 1 Dlink 7 Di-7003g Firmware, Di-7003gv2 Firmware, Di-7100g\+v2 Firmware and 4 more 2026-04-15 8.8 High
D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via version_upgrade.asp.
CVE-2024-52796 1 Pglombardo 1 Password Pusher 2026-04-15 5.3 Medium
Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially causing a denial of service. In v1.49.0, a fix was implemented to only authorize proxies on local IPs which resolves this issue. As a workaround, one may add rules to one's proxy and/or firewall to not accept external proxy headers such as `X-Forwarded-*` from clients.
CVE-2024-44334 1 Dlink 7 Di-7003g Firmware, Di-7003gv2 Firmware, Di-7100g\+v2 Firmware and 4 more 2026-04-15 8.8 High
D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution due to insufficient parameter filtering in the CGI handling function of upgrade_filter.asp.
CVE-2025-54575 1 Sixlabors 1 Imagesharp 2026-04-15 5.3 Medium
ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. This leads to a denial of service. Applications processing untrusted GIF input should upgrade to a patched version. This issue is fixed in versions 2.1.11 and 3.1.11.
CVE-2024-42509 1 Arubanetworks 2 Arubaos, Instant 2026-04-15 9.8 Critical
Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.