Export limit exceeded: 365339 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365339 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6843 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3116 | 3 Fedoraproject, Pgadmin, Postgresql | 3 Fedora, Pgadmin 4, Pgadmin 4 | 2025-03-17 | 7.4 High |
| pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data. | ||||
| CVE-2024-35519 | 1 Netgear | 6 Ex3700, Ex3700 Firmware, Ex6100 and 3 more | 2025-03-17 | 8.4 High |
| Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. | ||||
| CVE-2024-32292 | 1 Tenda | 2 W30e, W30e Firmware | 2025-03-17 | 8.8 High |
| Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | ||||
| CVE-2024-32283 | 1 Tenda | 2 Fh1203, Fh1203 Firmware | 2025-03-17 | 7.3 High |
| Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerablility in formexeCommand function via the cmdinput parameter. | ||||
| CVE-2024-32314 | 1 Tenda | 2 Ac500, Ac500 Firmware | 2025-03-17 | 3.8 Low |
| Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | ||||
| CVE-2024-32281 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-03-17 | 8.8 High |
| Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility in formexeCommand function via the cmdinput parameter. | ||||
| CVE-2025-25675 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-03-17 | 9.8 Critical |
| Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution. | ||||
| CVE-2023-26249 | 1 Nic | 1 Knot Resolver | 2025-03-14 | 7.5 High |
| Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response. | ||||
| CVE-2023-24184 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-03-14 | 9.8 Critical |
| TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability. | ||||
| CVE-2024-9264 | 1 Grafana | 1 Grafana | 2025-03-14 | 9.9 Critical |
| The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions. | ||||
| CVE-2024-30637 | 1 Tenda | 2 F1202, F1202 Firmware | 2025-03-13 | 8.8 High |
| Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in the formWriteFacMac function in the mac parameter. | ||||
| CVE-2024-28545 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-13 | 9.8 Critical |
| Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function. | ||||
| CVE-2024-41888 | 1 Apache | 1 Answer | 2025-03-13 | 5.3 Medium |
| Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked. Users are recommended to upgrade to version 1.3.6, which fixes the issue. | ||||
| CVE-2024-41890 | 1 Apache | 1 Answer | 2025-03-13 | 5.3 Medium |
| Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused or hijacked. Users are recommended to upgrade to version 1.3.6, which fixes the issue. | ||||
| CVE-2022-28652 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2025-03-13 | 5.5 Medium |
| ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack | ||||
| CVE-2024-35522 | 1 Netgear | 3 Ex3700, Ex3700 Ac750, Ex3700 Firmware | 2025-03-13 | 8.4 High |
| Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone. | ||||
| CVE-2024-35517 | 1 Netgear | 2 Xr1000, Xr1000 Firmware | 2025-03-13 | 8.4 High |
| Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. | ||||
| CVE-2024-42947 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2025-03-13 | 9.8 Critical |
| An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request. | ||||
| CVE-2023-23916 | 6 Debian, Fedoraproject, Haxx and 3 more | 19 Debian Linux, Fedora, Curl and 16 more | 2025-03-12 | 6.5 Medium |
| An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | ||||
| CVE-2023-23917 | 1 Rocket.chat | 1 Rocket.chat | 2025-03-12 | 8.8 High |
| A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may increase the impact of XSS to RCE which is dangerous for self-hosted users as well. | ||||