Search Results (21211 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-53495 1 Linux 1 Linux Kernel 2026-01-16 7.8 High
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc() rules is allocated in ethtool_get_rxnfc and the size is determined by rule_cnt from user space. So rule_cnt needs to be check before using rules to avoid OOB writing or NULL pointer dereference.
CVE-2022-50795 1 Sound4 21 Big Voice2, Big Voice2 Firmware, Big Voice4 and 18 more 2026-01-16 7.8 High
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the traceroute.php script, which triggers the malicious file and then deletes it after execution.
CVE-2022-50791 1 Sound4 21 Big Voice2, Big Voice2 Firmware, Big Voice4 and 18 more 2026-01-16 7.8 High
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the vulnerable ping.php script, which triggers the malicious file and then deletes it.
CVE-2022-50789 1 Sound4 21 Big Voice2, Big Voice2 Firmware, Big Voice4 and 18 more 2026-01-16 7.8 High
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory with .dns.pid extension. Unauthenticated attackers can execute the malicious commands by making a single HTTP POST request to the vulnerable dns.php script, which triggers command execution and then deletes the file.
CVE-2025-70753 1 Tenda 2 Ax1806, Ax1806 Firmware 2026-01-16 7.5 High
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71024 1 Tenda 2 Ax3, Ax3 Firmware 2026-01-16 7.5 High
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71025 1 Tenda 2 Ax3, Ax3 Firmware 2026-01-16 7.5 High
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71027 1 Tenda 2 Ax3, Ax3 Firmware 2026-01-16 7.5 High
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71026 1 Tenda 2 Ax3, Ax3 Firmware 2026-01-16 7.5 High
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-10568 2 Hp, Hyperx 2 Hyperx Ngenuity, Ngenuity 2026-01-16 9.8 Critical
HyperX NGENUITY software is potentially vulnerable to arbitrary code execution. HP is releasing updated software to address the potential vulnerability.
CVE-2024-48014 1 Dell 1 Bsafe Micro-edition-suite 2026-01-16 7.5 High
Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 contain an Out-of-bounds Write vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
CVE-2025-43943 1 Dell 1 Cloud Disaster Recovery 2026-01-16 6.7 Medium
Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
CVE-2025-42892 1 Sap 1 Business Connector 2026-01-16 6.8 Medium
Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system�s confidentiality, integrity, and availability.
CVE-2025-7404 2 Gelbphoenix, Janeczku 2 Autocaliweb, Calibre-web 2026-01-16 9.8 Critical
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection.This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.
CVE-2025-11541 1 Sharp 52 Np-cr5450h, Np-cr5450h Firmware, Np-cr5450hl and 49 more 2026-01-15 9.8 Critical
Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.
CVE-2025-11542 1 Sharp 52 Np-cr5450h, Np-cr5450h Firmware, Np-cr5450hl and 49 more 2026-01-15 9.8 Critical
Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.
CVE-2025-60738 1 Ilevia 2 Eve X1 Server, Eve X1 Server Firmware 2026-01-15 9.8 Critical
An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters
CVE-2024-50566 1 Fortinet 3 Fortimanager, Fortimanager Cloud, Fortimanagercloud 2026-01-15 7.2 High
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiManager Cloud 7.6.0 through 7.6.1, FortiManager Cloud 7.4.0 through 7.4.4, FortiManager Cloud 7.2.2 through 7.2.7, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.1 through 7.2.8 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.
CVE-2025-26508 1 Hp 593 115p9aw, 115q0aw, 17f27aw and 590 more 2026-01-15 9.8 Critical
Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.
CVE-2024-27778 1 Fortinet 1 Fortisandbox 2026-01-15 8.3 High
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.5 through 3.0.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.