Search Results (6875 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-53945 1 Kuwfi 1 Ac900 Router 2026-04-15 8.8 High
The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS commands with root privileges via shell metacharacters in parameters such as pincode and cmds. Exploitation can lead to full system compromise, including enabling remote access (e.g., enabling telnet).
CVE-2024-50955 1 Xinje 1 Xd5e-24r-e Firmware 2026-04-15 7.5 High
An issue in how XINJE XD5E-24R and XL5E-16T v3.5.3b handles TCP protocol messages allows attackers to cause a Denial of Service (DoS) via a crafted TCP message.
CVE-2024-50591 1 Hasomed 1 Elefant Software Updater 2026-04-15 7.8 High
An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. The command injection can be exploited by communicating with the Elefant Update Service which is running as "SYSTEM" via Windows Named Pipes.The Elefant Software Updater (ESU) consists of two components. An ESU service which runs as "NT AUTHORITY\SYSTEM" and an ESU tray client which communicates with the service to update or repair the installation and is running with user permissions. The communication is implemented using named pipes. A crafted message of type "MessageType.SupportServiceInfos" can be sent to the local ESU service to inject commands, which are then executed as "NT AUTHORITY\SYSTEM".
CVE-2024-49589 2026-04-15 6.5 Medium
Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on an user supplied argument (size).
CVE-2024-48848 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2026-04-15 6.5 Medium
Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2024-48841 2026-04-15 10 Critical
Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.
CVE-2024-48747 1 Alist Project 1 Alist 2026-04-15 6.8 Medium
An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file.
CVE-2024-48746 1 Lensvisual 1 Lensvisual 2026-04-15 9.8 Critical
An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbitrary code via the Natural language processing component
CVE-2024-48441 1 Whtyglobal 1 Tianyu Cpe Router Firmware 2026-04-15 8.8 High
Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp.
CVE-2024-48440 1 Tuoshi 1 5g Cpe Router Nr500-ea Firmware 2026-04-15 8.8 High
Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component at_command.asp.
CVE-2024-47614 1 Graphql 1 Async-graphql 2026-04-15 7.5 High
async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10.
CVE-2024-46933 2026-04-15 7.7 High
An issue was discovered in Atos Eviden BullSequana XH2140 BMC before C4EM-125: OMF_C4E 101.05.0014. Some BullSequana XH products were shipped without proper hardware programming, leading to a potential denial-of-service with privileged access.
CVE-2024-45989 1 Butterflyeffectpte 1 Monica 2026-04-15 4 Medium
Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user's sensitive chat data of the current session to a malicious third-party or attacker-controlled server.
CVE-2024-45338 1 Redhat 27 Acm, Advanced Cluster Security, Ceph Storage and 24 more 2026-04-15 5.3 Medium
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
CVE-2025-64508 1 Bugsink 1 Bugsink 2026-04-15 7.5 High
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the available memory and thus a Denial of Service. This can be done if the `DSN` is known, which it is in many common setups (JavaScript, Mobile Apps). The issue is patched in Bugsink version `2.0.5`. The vulnerability is similar to, but distinct from, another brotli-related problem in Bugsink, GHSA-rrx3-2x4g-mq2h/CVE-2025-64509.
CVE-2024-44413 1 Dlink 1 Di-8200 Firmware 2026-04-15 8.8 High
A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.
CVE-2024-44335 1 Dlink 7 Di-7003g Firmware, Di-7003gv2 Firmware, Di-7100g\+v2 Firmware and 4 more 2026-04-15 8.8 High
D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via version_upgrade.asp.
CVE-2024-44334 1 Dlink 7 Di-7003g Firmware, Di-7003gv2 Firmware, Di-7100g\+v2 Firmware and 4 more 2026-04-15 8.8 High
D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution due to insufficient parameter filtering in the CGI handling function of upgrade_filter.asp.
CVE-2024-41135 1 Arubanetworks 1 Edgeconnect Sd-wan Orchestrator 2026-04-15 7.2 High
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise
CVE-2024-41134 2026-04-15 7.2 High
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise