Export limit exceeded: 19938 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19938 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-42877 | 1 Sap | 3 Content Server, Internet Communication Manager, Web Dispatcher | 2025-12-09 | 7.5 High |
| SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on confidentiality or integrity of the application. | ||||
| CVE-2024-58255 | 1 Huawei | 2 Enzoh-w5611t, Enzoh-w5611t Firmware | 2025-12-08 | 5 Medium |
| EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. | ||||
| CVE-2024-58256 | 1 Huawei | 2 Enzoh-w5611t, Enzoh-w5611t Firmware | 2025-12-08 | 4.5 Medium |
| EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. | ||||
| CVE-2024-58257 | 1 Huawei | 2 Enzoh-w5611t, Enzoh-w5611t Firmware | 2025-12-08 | 5.7 Medium |
| EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. | ||||
| CVE-2025-66208 | 2 Collabora, Collaboraoffice | 2 Online, Online | 2025-12-08 | 9.8 Critical |
| Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php and an intermediate reverse proxy. This vulnerability is fixed in 25.04.702. | ||||
| CVE-2023-47220 | 1 Qnap | 1 Media Streaming Add-on | 2025-12-08 | 6.6 Medium |
| An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later | ||||
| CVE-2025-64331 | 1 Oisf | 1 Suricata | 2025-12-08 | 7.5 High |
| Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the logging of printable http bodies. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves using default HTTP response body limits and/or disabling http-body-printable logging; body logging is disabled by default. | ||||
| CVE-2025-8854 | 2 Bullet3 Project, Bulletphysics | 2 Bullet3, Pybullet | 2025-12-08 | 9.8 Critical |
| Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or invoked indirectly through PyBullet's vhacd function. | ||||
| CVE-2025-14204 | 2025-12-08 | 6.3 Medium | ||
| A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-48863 | 1 Qnap | 1 License Center | 2025-12-08 | 9.8 Critical |
| A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: License Center 1.9.43 and later | ||||
| CVE-2025-44015 | 1 Qnap | 1 Hybriddesk Station | 2025-12-08 | 8.4 High |
| A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: HybridDesk Station 4.2.18 and later | ||||
| CVE-2025-9809 | 1 Libretro | 2 Libretro, Libretro-common | 2025-12-08 | 9.8 Critical |
| Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-size buffer. | ||||
| CVE-2023-39786 | 1 Tenda | 3 Ac8 Firmware, Ac8v4, Ac8v4 Firmware | 2025-12-08 | 7.5 High |
| Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function. | ||||
| CVE-2023-40900 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | 9.8 Critical |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList. | ||||
| CVE-2023-40899 | 1 Tenda | 3 Ac8, Ac8 Firmware, Ac8v4 | 2025-12-08 | 9.8 Critical |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg. | ||||
| CVE-2023-40898 | 1 Tenda | 3 Ac8, Ac8 Firmware, Ac8v4 | 2025-12-08 | 9.8 Critical |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter timeZone at /goform/SetSysTimeCfg. | ||||
| CVE-2023-40897 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | 9.8 Critical |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo. | ||||
| CVE-2023-40896 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | 9.8 Critical |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind. | ||||
| CVE-2023-40895 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | 9.8 Critical |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg. | ||||
| CVE-2023-40894 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | 9.8 Critical |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetStaticRouteCfg. | ||||