Export limit exceeded: 11459 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10184 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21646 | 1 Microsoft | 1 Azure Uamqp | 2025-06-16 | 9.8 Critical |
| Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01. | ||||
| CVE-2023-43822 | 1 Deltaww | 1 Dopsoft | 2025-06-16 | 8.8 High |
| A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesTimeLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution. | ||||
| CVE-2024-23619 | 1 Ibm | 1 Merge Efilm Workstation | 2025-06-16 | 9.8 Critical |
| A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. | ||||
| CVE-2023-21413 | 1 Axis | 1 Axis Os | 2025-06-16 | 9.1 Critical |
| GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2025-26014 | 1 Olajowon | 1 Loggrove | 2025-06-13 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter. | ||||
| CVE-2023-50395 | 1 Solarwinds | 1 Solarwinds Platform | 2025-06-13 | 8 High |
| SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited | ||||
| CVE-2024-46213 | 1 Redaxo | 1 Redaxo | 2025-06-13 | 7.2 High |
| REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. | ||||
| CVE-2024-51322 | 1 Zucchetti | 1 Ad Hoc Infinity | 2025-06-12 | 5.4 Medium |
| Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmd_container.jsp components | ||||
| CVE-2025-47785 | 1 Emlog | 1 Emlog | 2025-06-12 | 8.3 High |
| Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Since admin/article_save.php can be accessed by ordinary registered users, this will cause SQL injection to occur when the registered site is enabled, resulting in the injection of the admin account and password, which is then exploited by the backend remote code execution. As of time of publication, it is unknown whether a fix exists. | ||||
| CVE-2025-47273 | 3 Debian, Python, Redhat | 4 Debian Linux, Setuptools, Enterprise Linux and 1 more | 2025-06-12 | 8.8 High |
| setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue. | ||||
| CVE-2024-6486 | 1 Orangelab | 1 Imagemagick Engine | 2025-06-11 | 7.2 High |
| The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "cli_path" parameter. This allows authenticated attackers, with administrator-level permission to execute arbitrary OS commands on the server leading to remote code execution. | ||||
| CVE-2021-43905 | 1 Microsoft | 2 365 Copilot, Office | 2025-06-11 | 9.6 Critical |
| Microsoft Office app Remote Code Execution Vulnerability | ||||
| CVE-2024-35373 | 2 Mocado, Mocodo | 2 Mocado, Mocodo Online | 2025-06-10 | 9.8 Critical |
| Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php. | ||||
| CVE-2024-35374 | 1 Mocodo | 1 Mocodo Online | 2025-06-10 | 9.8 Critical |
| Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution (RCE) under certain conditions. | ||||
| CVE-2024-28283 | 1 Linksys | 2 E1000, E1000 Firmware | 2025-06-10 | 6.7 Medium |
| There is stack-based buffer overflow vulnerability in pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution. | ||||
| CVE-2025-48471 | 1 Freescout | 1 Freescout | 2025-06-10 | 9.8 Critical |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uploaded to the application. This allows files to be uploaded with the phtml and phar extensions, which can lead to remote code execution if the Apache web server is used. This issue has been patched in version 1.8.179. | ||||
| CVE-2025-23196 | 1 Apache | 1 Ambari | 2025-06-09 | 8.8 High |
| A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. An attacker with authenticated access can exploit this vulnerability to inject malicious commands, leading to remote code execution on the server. The issue has been fixed in the latest versions of Ambari. | ||||
| CVE-2025-48744 | 1 Sigb | 1 Pmb | 2025-06-09 | 6.4 Medium |
| In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution. | ||||
| CVE-2023-51066 | 1 Qstar | 1 Archive Storage Manager | 2025-06-06 | 8.8 High |
| An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands. | ||||
| CVE-2024-20697 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows Server 2022 23h2 | 2025-06-05 | 7.3 High |
| Windows libarchive Remote Code Execution Vulnerability | ||||