Export limit exceeded: 362965 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (6775 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-48747 1 Alist Project 1 Alist 2026-04-15 6.8 Medium
An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file.
CVE-2025-6102 2026-04-15 8.8 High
A vulnerability classified as critical was found in Wifi-soft UniBox Controller up to 20250506. Affected by this vulnerability is an unknown functionality of the file /authentication/logout.php. The manipulation of the argument mac_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-42509 1 Arubanetworks 2 Arubaos, Instant 2026-04-15 9.8 Critical
Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2024-42506 1 Arubanetworks 1 Arubaos 2026-04-15 9.8 Critical
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2021-47875 1 Geogebra 1 Cas Calculator 2026-04-15 9.8 Critical
GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a payload with 8000 repeated characters and paste it into the calculator's input field to trigger an application crash.
CVE-2021-47876 1 Geogebra 1 Classic 2026-04-15 7.5 High
GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. Attackers can generate a large buffer of 800,000 repeated characters and paste it into the 'Entrada:' input field to trigger an application crash.
CVE-2021-47893 1 Agatasoft 1 Pingmaster Pro 2026-04-15 7.5 High
AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing the host name input field. Attackers can generate a 10,000-character buffer and paste it into the host name field to trigger an application crash and potential system instability.
CVE-2018-25108 2026-04-15 7.5 High
An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption.
CVE-2025-29509 2026-04-15 8.8 High
Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of electronAPI, with a lack of filtering of URL when calling shell.openExternal().
CVE-2024-34713 2026-04-15 3.5 Low
sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to a ssh server using `sshproxy` can inject options to the `ssh` command executed by `sshproxy`. All versions of `sshproxy` are impacted. The problem is patched starting in version 1.6.3. The only workaround is to use the `force_command` option in `sshproxy.yaml`, but it's rarely relevant.
CVE-2024-33439 1 Kasda 1 Kw5515 Firmware 2026-04-15 9.1 Critical
An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters.
CVE-2025-53498 2026-04-15 5.3 Medium
Insufficient Logging vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Data Leakage Attacks.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2.
CVE-2024-27763 2026-04-15 5.3 Medium
XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURM_NODELIST environment variable.
CVE-2025-65947 1 Thread-amount Project 1 Thread-amount 2026-04-15 N/A
thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are resource leaks when querying thread counts on Windows and Apple platforms. In Windows platforms, the thread_amount function calls CreateToolhelp32Snapshot but fails to close the returned HANDLE using CloseHandle. Repeated calls to this function will cause the handle count of the process to grow indefinitely, eventually leading to system instability or process termination when the handle limit is reached. In Apple platforms, the thread_amount function calls task_threads (via Mach kernel APIs) which allocates memory for the thread list. The function fails to deallocate this memory using vm_deallocate. Repeated calls will result in a steady memory leak, eventually causing the process to be killed by the OOM (Out of Memory) killer. This issue has been patched in version 0.2.2.
CVE-2025-30409 2026-04-15 N/A
Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 17 (Windows) before build 41186.
CVE-2024-5023 1 Netflix 1 Consoleme 2026-04-15 N/A
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Netflix ConsoleMe allows Command Injection.This issue affects ConsoleMe: before 1.4.0.
CVE-2024-48441 1 Whtyglobal 1 Tianyu Cpe Router Firmware 2026-04-15 8.8 High
Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp.
CVE-2024-48214 1 Keruistore 1 Kerui Hd 3mp 1080p Tuya Camera Firmware 2026-04-15 8.4 High
KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data contained within the QR code. By that, the attacker can execute arbitrary code on the camera.
CVE-2025-8697 2026-04-15 6.3 Medium
A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. This issue affects the function StdioServerParameters of the component MCPSessionManager/MCPTool/MCPToolkit. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8667 1 Skyworkai 1 Deepresearchagent 2026-04-15 6.3 Medium
A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of the file src/tools/tools.py. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.