Export limit exceeded: 10203 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10203 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28219 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-23 | 8.1 High |
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | ||||
| CVE-2023-21554 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 9 more | 2025-01-23 | 9.8 Critical |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | ||||
| CVE-2023-24893 | 1 Microsoft | 1 Visual Studio Code | 2025-01-23 | 7.8 High |
| Visual Studio Code Remote Code Execution Vulnerability | ||||
| CVE-2023-28223 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2025-01-23 | 6.6 Medium |
| Windows Domain Name Service Remote Code Execution Vulnerability | ||||
| CVE-2023-28305 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2025-01-23 | 6.6 Medium |
| Windows DNS Server Remote Code Execution Vulnerability | ||||
| CVE-2023-28292 | 1 Microsoft | 5 Raw Image Extension, Windows 10 20h2, Windows 10 21h2 and 2 more | 2025-01-23 | 7.8 High |
| Raw Image Extension Remote Code Execution Vulnerability | ||||
| CVE-2023-28291 | 1 Microsoft | 5 Raw Image Extension, Windows 10 20h2, Windows 10 21h2 and 2 more | 2025-01-23 | 8.4 High |
| Raw Image Extension Remote Code Execution Vulnerability | ||||
| CVE-2023-23375 | 1 Microsoft | 2 Odbc, Ole Db | 2025-01-23 | 7.8 High |
| Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | ||||
| CVE-2023-21727 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 9 more | 2025-01-23 | 8.8 High |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||||
| CVE-2023-23384 | 1 Microsoft | 1 Sql Server | 2025-01-23 | 7.3 High |
| Microsoft SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2024-29974 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-01-22 | 9.8 Critical |
| ** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device. | ||||
| CVE-2023-32314 | 2 Redhat, Vm2 Project | 3 Acm, Multicluster Engine, Vm2 | 2025-01-22 | 9.8 Critical |
| vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-2295 | 2 Libreswan, Redhat | 7 Libreswan, Enterprise Linux, Enterprise Linux Eus and 4 more | 2025-01-22 | 7.5 High |
| A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. | ||||
| CVE-2023-31902 | 1 Mobilemouse | 1 Mobile Mouse | 2025-01-22 | 9.8 Critical |
| RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE). | ||||
| CVE-2019-25137 | 1 Umbraco | 1 Umbraco Cms | 2025-01-22 | 7.2 High |
| Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx. | ||||
| CVE-2022-36327 | 1 Westerndigital | 17 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 14 more | 2025-01-22 | 5.8 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires an authentication bypass issue to be triggered before this can be exploited. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202. | ||||
| CVE-2023-30470 | 1 Facebook | 1 Hermes | 2025-01-21 | 9.8 Critical |
| A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | ||||
| CVE-2023-6764 | 1 Zyxel | 42 Atp100, Atp100 Firmware, Atp100w and 39 more | 2025-01-21 | 8.1 High |
| A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device’s memory layout and configuration. | ||||
| CVE-2024-3486 | 1 Microfocus | 1 Imanager | 2025-01-21 | 7.8 High |
| XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution. | ||||
| CVE-2024-3969 | 1 Microfocus | 1 Imanager | 2025-01-21 | 7.8 High |
| XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload | ||||