Search Results (21181 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-23126 1 Autodesk 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more 2025-12-31 7.8 High
A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVE-2024-23125 1 Autodesk 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more 2025-12-31 7.8 High
A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVE-2024-11422 1 Autodesk 4 Navisworks, Navisworks Freedom, Navisworks Manage and 1 more 2025-12-31 7.8 High
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVE-2024-23138 1 Autodesk 17 Aautocad Lt, Advance Steel, Autocad and 14 more 2025-12-31 7.8 High
A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVE-2025-62862 1 Amperecomputing 27 Ampereone A128-34x, Ampereone A128-34x Firmware, Ampereone A144-24x and 24 more 2025-12-31 4.6 Medium
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM Boot Error Record Table driver that could result in (1) an out-of-bounds read which leaks Secure-EL0 information to a process running in Non-Secure state or (2) an out-of-bounds write which corrupts Secure or Non-Secure memory, limited to memory mapped to UEFI-MM Secure Partition by the Secure Partition Manager.
CVE-2025-63414 2 Allsky, Allskyteam 2 Allsky, Allsky 2025-12-31 10 Critical
A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute arbitrary commands on the underlying operating system, leading to full remote code execution (RCE).
CVE-2021-22555 4 Brocade, Linux, Netapp and 1 more 43 Fabric Operating System, Linux Kernel, Aff 500f and 40 more 2025-12-30 8.3 High
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
CVE-2025-14958 1 Floooh 1 Sokol 2025-12-30 5.3 Medium
A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The patch is named 33e2271c431bf21de001e972f72da17a984da932. It is suggested to install a patch to address this issue.
CVE-2022-2068 7 Broadcom, Debian, Fedoraproject and 4 more 49 Sannav, Debian Linux, Fedora and 46 more 2025-12-30 9.8 Critical
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
CVE-2022-1292 7 Debian, Fedoraproject, Netapp and 4 more 58 Debian Linux, Fedora, A250 and 55 more 2025-12-30 9.8 Critical
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
CVE-2025-30004 1 Xorcom 1 Completepbx 2025-12-27 8.8 High
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35
CVE-2024-8957 1 Ptzoptics 5 Pt30x-ndi-xx-g2, Pt30x-ndi-xx-g2 Firmware, Pt30x-ndi Firmware and 2 more 2025-12-27 7.2 High
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.
CVE-2025-56086 1 Ruijie 4 Rg-ew1200, Rg-ew1200 Firmware, Rg-x60 and 1 more 2025-12-26 8.8 High
OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.
CVE-2025-56085 1 Ruijie 4 Rg-ew1200, Rg-ew1200 Firmware, Rg-ew300 Pro and 1 more 2025-12-26 8.8 High
OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.
CVE-2025-56087 1 Ruijie 2 Rg-bcr600w, Rg-bcr600w Firmware 2025-12-26 8.8 High
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the run_tcpdump in file /usr/lib/lua/luci/controller/admin/common_tcpdump.lua.
CVE-2025-56107 1 Ruijie 2 Rg-bcr600w, Rg-bcr600w Firmware 2025-12-26 8.8 High
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submit_wifi in file /usr/lib/lua/luci/controller/admin/common_quick_config.lua.
CVE-2025-56096 1 Ruijie 2 Rg-bcr600w, Rg-bcr600w Firmware 2025-12-26 8.8 High
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restart_modules in file /usr/lib/lua/luci/controller/admin/common.lua.
CVE-2025-56082 1 Ruijie 2 Rg-bcr600w, Rg-bcr600w Firmware 2025-12-26 8.8 High
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the check_changes in file /usr/lib/lua/luci/controller/admin/common.lua.
CVE-2025-56077 2 Ruijie, Ruijienetworks 6 Rg-eap162\(g\), Rg-rap1260, Rg-rap2200(e) and 3 more 2025-12-26 8.8 High
OS Command Injection vulnerability in Ruijie RG-RAP2200(E) 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.
CVE-2025-56079 1 Ruijie 4 Be50, Be50 Firmware, Rg-ew1300g and 1 more 2025-12-26 8.8 High
OS Command Injection vulnerability in Ruijie RG-EW1300G EW1300G V1.00/V2.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.