Export limit exceeded: 10566 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10566 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20116 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20116 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41289 | 1 Qnap | 1 Qcalagent | 2025-06-17 | 6.3 Medium |
| An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QcalAgent 1.1.8 and later | ||||
| CVE-2021-42028 | 1 Siemens-healthineers | 1 Syngo Fastview | 2025-06-17 | 7.8 High |
| A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14860) | ||||
| CVE-2021-40367 | 1 Siemens-healthineers | 1 Syngo Fastview | 2025-06-17 | 7.8 High |
| A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15097) | ||||
| CVE-2023-52311 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-06-17 | 9.6 Critical |
| PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system. | ||||
| CVE-2023-52304 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-06-17 | 8.2 High |
| Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | ||||
| CVE-2024-32370 | 2 Hsc, Hsclabs | 2 Mailinspector, Mailinspector | 2025-06-17 | 9.8 Critical |
| An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component. | ||||
| CVE-2024-23060 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-17 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function. | ||||
| CVE-2024-21821 | 1 Tp-link | 6 Archer Ax3000, Archer Ax3000 Firmware, Archer Ax5400 and 3 more | 2025-06-17 | 8 High |
| Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands. | ||||
| CVE-2022-36660 | 1 Xhyve Project | 1 Xhyve | 2025-06-17 | 9.8 Critical |
| xhyve commit dfbe09b was discovered to contain a stack buffer overflow via the component pci_vtrnd_notify(). | ||||
| CVE-2022-36513 | 1 H3c | 2 Gr-1200w, Gr-1200w Firmware | 2025-06-17 | 9.8 Critical |
| H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function edditactionlist. | ||||
| CVE-2022-36511 | 1 H3c | 2 Gr-1200w, Gr-1200w Firmware | 2025-06-17 | 9.8 Critical |
| H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function EditApAdvanceInfo. | ||||
| CVE-2022-36510 | 1 H3c | 2 Gr2200, Gr2200 Firmware | 2025-06-17 | 7.8 High |
| H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | ||||
| CVE-2022-36509 | 1 H3c | 2 Gr3200, Gr3200 Firmware | 2025-06-17 | 7.8 High |
| H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | ||||
| CVE-2022-36508 | 1 H3c | 2 Magic Nx18 Plus, Magic Nx18 Plus Firmware | 2025-06-17 | 7.8 High |
| H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPInfoById. | ||||
| CVE-2022-36504 | 1 H3c | 2 Magic Nx18 Plus, Magic Nx18 Plus Firmware | 2025-06-17 | 7.8 High |
| H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Edit_BasicSSID. | ||||
| CVE-2025-47868 | 1 Apache | 1 Nuttx | 2025-06-17 | 9.8 Critical |
| Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation). This issue affects Apache NuttX: from 6.9 before 12.9.0. Users are recommended to upgrade to version 12.9.0, which fixes the issue. | ||||
| CVE-2022-46721 | 1 Apple | 1 Macos | 2025-06-17 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2023-50671 | 1 Aertherwide | 1 Exiftags | 2025-06-17 | 7.8 High |
| In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address. | ||||
| CVE-2024-1283 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-17 | 8.8 High |
| Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-32877 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2025-06-17 | 6.7 Medium |
| In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308070. | ||||