Search Results (86059 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-8657 1 Benjamine 1 Jsondiffpatch 2026-07-05 8.2 High
Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform prototype pollution by supplying crafted delta or JSON Patch documents, as attacker-controlled property names and path segments are used to traverse and modify objects without restricting access to special properties like __proto__ or constructor.prototype, allowing modification of Object.prototype.
CVE-2024-48733 1 Sas 1 Studio 2026-07-05 8.8 High
SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users.
CVE-2021-40905 2 Checkmk, Tribe29 2 Checkmk, Checkmk 2026-07-05 8.8 High
The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner.
CVE-2020-21468 1 Redislabs 1 Redis 2026-07-05 7.5 High
A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7.
CVE-2023-43303 1 Linecorp 1 Line 2026-07-05 8.2 High
An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token (via captured network traffic).
CVE-2026-36478 1 Technitium 1 Dns Server 2026-07-05 7.5 High
An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServerApp.dll, TechnitiumLibrary.Net/Dns/DnsClient.cs components
CVE-2024-44667 1 Shenzhen Haichangxing Technology 1 Hcx H822 Firmware 2026-07-05 8 High
Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access.
CVE-2024-28714 1 Crmeb 1 Crmeb Java 2026-07-05 8.1 High
SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter.
CVE-2023-51148 1 Trendnet 4 Tew-821dap, Tew-821dap Firmware, Tew-821dap V2.0r Firmware and 1 more 2026-07-05 8 High
An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component.
CVE-2022-27406 3 Fedoraproject, Freetype, Redhat 4 Fedora, Freetype, Enterprise Linux and 1 more 2026-07-05 7.5 High
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.
CVE-2022-27405 3 Fedoraproject, Freetype, Redhat 4 Fedora, Freetype, Enterprise Linux and 1 more 2026-07-05 7.5 High
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
CVE-2020-22623 1 Insightsoftware 1 Jreport 2026-07-05 7.5 High
Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information.
CVE-2021-35269 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Advanced Virtualization and 2 more 2026-07-05 7.8 High
NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
CVE-2021-35267 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Advanced Virtualization and 2 more 2026-07-05 7.8 High
NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.
CVE-2021-35266 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Advanced Virtualization and 2 more 2026-07-05 7.8 High
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.
CVE-2021-33289 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Advanced Virtualization and 2 more 2026-07-05 7.8 High
In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.
CVE-2022-35203 1 Trendnet 2 Tv-ip572pi, Tv-ip572pi Firmware 2026-07-05 7.2 High
An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information.
CVE-2020-21883 1 Indionetworks 10 Unibox U1000, Unibox U1000 Firmware, Unibox U2500 and 7 more 2026-07-05 8.8 High
Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover.
CVE-2021-44595 1 Wondershare 1 Dr.fone 2026-07-05 8.8 High
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.
CVE-2020-21046 1 Softonic 1 Eagleget 2026-07-04 7.8 High
A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows authenticated non-administrative user to escalate their privilege and conduct code execution as a SYSTEM privilege.