Export limit exceeded: 21217 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (21217 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-59738 1 Andsoft 1 E-tms 2025-10-02 9.8 Critical
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM_BET.ASP'.
CVE-2025-10328 1 Sourcefabric 2 Phoniebox, Rpi-jukebox-rfid 2025-10-02 6.3 Medium
A security vulnerability has been detected in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/api/playlist/playsinglefile.php. The manipulation of the argument File leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-59737 1 Andsoft 1 E-tms 2025-10-02 9.8 Critical
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM_LXA.ASP'.
CVE-2025-10358 1 Wavlink 2 Wl-wn578w2, Wl-wn578w2 Firmware 2025-10-02 7.3 High
A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub_404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-10359 1 Wavlink 2 Wl-wn578w2, Wl-wn578w2 Firmware 2025-10-02 7.3 High
A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub_404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-59736 1 Andsoft 1 E-tms 2025-10-02 9.8 Critical
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM_DJO.ASP'.
CVE-2025-59735 1 Andsoft 1 E-tms 2025-10-02 9.8 Critical
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM.ASP'.
CVE-2025-27262 1 Ericsson 2 Indoor Connect 8855, Indoor Connect 8855 Firmware 2025-10-02 7.8 High
Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges.
CVE-2025-43020 1 Hp 1 Poly Clariti Manager 2025-10-02 6.8 Medium
A potential command injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a privileged user to submit arbitrary input. HP has addressed the issue in the latest software update.
CVE-2025-20980 1 Google 1 Android 2025-10-02 4 Medium
Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption.
CVE-2024-52064 1 Rti 1 Connext Professional 2025-10-02 7.1 High
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.
CVE-2024-52065 1 Rti 1 Connext Professional 2025-10-02 7.1 High
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41.
CVE-2024-52066 1 Rti 1 Connext Professional 2025-10-02 7.8 High
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40.
CVE-2024-52063 1 Rti 1 Connext Professional 2025-10-02 8.6 High
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.
CVE-2024-52062 1 Rti 1 Connext Professional 2025-10-02 7.8 High
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.
CVE-2024-52061 1 Rti 1 Connext Professional 2025-10-02 9.8 Critical
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45.
CVE-2024-52058 1 Rti 1 Connext Professional 2025-10-02 7.8 High
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.19.
CVE-2024-39935 1 Jc21 1 Nginx Proxy Manager 2025-10-02 8.8 High
jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user (with certificate management privileges) via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5.
CVE-2024-12199 1 Autodesk 4 Navisworks, Navisworks Freedom, Navisworks Manage and 1 more 2025-10-02 7.8 High
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVE-2024-53098 1 Linux 1 Linux Kernel 2025-10-01 7.8 High
In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address access_ok() only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. (cherry picked from commit 9408c4508483ffc60811e910a93d6425b8e63928)