Search Results (19996 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45640 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-04-24 | 7.5 High |
| Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local). | ||||
| CVE-2022-45337 | 1 Tenda | 2 Tx9 Pro, Tx9 Pro Firmware | 2025-04-24 | 7.5 High |
| Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind. | ||||
| CVE-2022-45332 | 1 Gnu | 1 Libredwg | 2025-04-24 | 7.8 High |
| LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c. | ||||
| CVE-2022-45045 | 1 Xiongmaitech | 144 Mbd6304t, Mbd6304t Firmware, Nbd6808t-pl and 141 more | 2025-04-24 | 8.8 High |
| Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd. | ||||
| CVE-2022-44367 | 1 Tenda | 2 I21, I21 Firmware | 2025-04-24 | 9.8 Critical |
| Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo. | ||||
| CVE-2022-44362 | 1 Tenda | 2 I21, I21 Firmware | 2025-04-24 | 9.8 Critical |
| Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule. | ||||
| CVE-2022-43325 | 1 Telosalliance | 2 Omnia Mpx Node, Omnia Mpx Node Firmware | 2025-04-24 | 9.8 Critical |
| An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input. | ||||
| CVE-2022-3226 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2025-04-24 | 7.2 High |
| An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. | ||||
| CVE-2022-37924 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-04-24 | 7.2 High |
| Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | ||||
| CVE-2022-24441 | 1 Snyk | 3 Snyk Cli, Snyk Language Server, Snyk Security | 2025-04-24 | 5.8 Medium |
| The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application. This vulnerability may be triggered when running the CLI tool directly, or when running a scan with one of the IDE plugins that invoke the Snyk CLI. Successful exploitation of this issue would likely require some level of social engineering - to coerce an untrusted project to be downloaded and analyzed via the Snyk CLI or opened in an IDE where a Snyk IDE plugin is installed and enabled. Additionally, if the IDE has a Trust feature then the target folder must be marked as ‘trusted’ in order to be vulnerable. **NOTE:** This issue is independent of the one reported in [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342), and upgrading to a fixed version for this addresses that issue as well. The affected IDE plugins and versions are: VS Code (Affected: <=1.8.0, Fixed: 1.9.0); IntelliJ (Affected: <=2.4.47, Fixed: 2.4.48); Visual Studio (Affected: <=1.1.30, Fixed: 1.1.31); Eclipse (Affected: <=v20221115.132308, Fixed: All subsequent versions); Language Server (Affected: <=v20221109.114426, Fixed: All subsequent versions). | ||||
| CVE-2024-24091 | 1 Yealink | 2 Meeting Server, Yealink Meeting Server | 2025-04-24 | 9.8 Critical |
| Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. | ||||
| CVE-2024-22132 | 1 Sap | 1 Ides Ecc | 2025-04-24 | 7.4 High |
| SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice. An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system. | ||||
| CVE-2022-44930 | 1 Dlink | 2 Dhp-w310av, Dhp-w310av Firmware | 2025-04-24 | 9.8 Critical |
| D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. | ||||
| CVE-2022-44928 | 1 D-link | 2 Dvg-g5402sp, Dvg-g5402sp Firmware | 2025-04-24 | 9.8 Critical |
| D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. | ||||
| CVE-2022-44366 | 1 Tenda | 2 I21, I21 Firmware | 2025-04-24 | 9.8 Critical |
| Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo. | ||||
| CVE-2022-44365 | 1 Tenda | 2 I21, I21 Firmware | 2025-04-24 | 9.8 Critical |
| Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd. | ||||
| CVE-2022-44363 | 1 Tenda | 2 I21, I21 Firmware | 2025-04-24 | 9.8 Critical |
| Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo. | ||||
| CVE-2022-42496 | 1 Kujirahand | 1 Nadesiko3 | 2025-04-24 | 9.8 Critical |
| OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product. | ||||
| CVE-2022-41642 | 1 Kujirahand | 1 Nadesiko3 | 2025-04-24 | 9.8 Critical |
| OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product. | ||||
| CVE-2022-40918 | 1 Force1rc | 2 Discovery Wifi U818a Hd\+ Fpv, Discovery Wifi U818a Hd\+ Fpv Firmware | 2025-04-24 | 9.8 Critical |
| Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows attacker to gain remote code execution as root user via a specially crafted UDP packet. Please update the Reference section to these links > http://thiscomputer.com/ > https://www.bostoncyber.org/ > https://medium.com/@meekworth/exploiting-the-lw9621-drone-camera-module-773f00081368 | ||||