Export limit exceeded: 19680 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19680 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21501 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-01-09 | 5.5 Medium |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the calculator parser. This issue has been patched in version 2.3.1.2. | ||||
| CVE-2025-63334 | 1 Magdesign | 2 Pocketvj Control Panel, Pocketvj Control Panel Firmware | 2026-01-09 | 9.8 Critical |
| PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submit_opacity.php component. The application fails to sanitize user input in the opacityValue POST parameter before passing it to a shell command, allowing remote attackers to execute arbitrary commands with root privileges on the underlying system. | ||||
| CVE-2025-27807 | 1 Samsung | 42 Exynos, Exynos 1080, Exynos 1080 Firmware and 39 more | 2026-01-09 | 9.1 Critical |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes via malformed NAS packets. | ||||
| CVE-2025-38685 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-08 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit This issue triggers when a userspace program does an ioctl FBIOPUT_CON2FBMAP by passing console number and frame buffer number. Ideally this maps console to frame buffer and updates the screen if console is visible. As part of mapping it has to do resize of console according to frame buffer info. if this resize fails and returns from vc_do_resize() and continues further. At this point console and new frame buffer are mapped and sets display vars. Despite failure still it continue to proceed updating the screen at later stages where vc_data is related to previous frame buffer and frame buffer info and display vars are mapped to new frame buffer and eventully leading to out-of-bounds write in fast_imageblit(). This bheviour is excepted only when fg_console is equal to requested console which is a visible console and updates screen with invalid struct references in fbcon_putcs(). | ||||
| CVE-2025-38676 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-08 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of "acpiid" if the "str" argument is maximum length. | ||||
| CVE-2017-20216 | 1 Flir | 1 Thermal Camera | 2026-01-08 | 9.8 Critical |
| FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem() function through shell_exec() calls. Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-06 (UTC). | ||||
| CVE-2017-20215 | 1 Flir | 1 Thermal Camera | 2026-01-08 | 8.8 High |
| FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complete control of the thermal camera system. | ||||
| CVE-2020-36910 | 2026-01-08 | 8.8 High | ||
| Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root. | ||||
| CVE-2025-6225 | 2026-01-08 | N/A | ||
| Kieback&Peter Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02 | ||||
| CVE-2025-61304 | 1 Dynatrace | 2 Activegate, Activegate Ping Extension | 2026-01-08 | 9.8 Critical |
| OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address. | ||||
| CVE-2025-38729 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-08 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too. | ||||
| CVE-2025-13306 | 2 D-link, Dlink | 12 Dir-822, Dir-825, Dwr-920 and 9 more | 2026-01-08 | 6.3 Medium |
| A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-1125 | 2 Gnu, Redhat | 3 Grub2, Enterprise Linux, Openshift | 2026-01-08 | 7.8 High |
| When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculation to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result the hfsplus_open_compressed_real() function will write past of the internal buffer length. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution by-passing secure boot protections. | ||||
| CVE-2025-56117 | 1 Ruijie | 5 Rg-est310, Rg-est310 Firmware, X30-pro and 2 more | 2026-01-07 | 8.8 High |
| OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua. | ||||
| CVE-2025-56114 | 1 Ruijie | 5 M18-ew, M18-ew Firmware, M18 Ew and 2 more | 2026-01-07 | 8.8 High |
| OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua. | ||||
| CVE-2025-56111 | 1 Ruijie | 2 Rg-bcr860, Rg-bcr860 Firmware | 2026-01-07 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the network_set_wan_conf in file /usr/lib/lua/luci/controller/admin/netport.lua. | ||||
| CVE-2025-39718 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put() When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length from the packet header as the length argument to skb_put(), potentially resulting in SKB overflow if the host has gone wonky. Validate the length as advertised by the packet header before calling virtio_vsock_skb_rx_put(). | ||||
| CVE-2025-38538 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: dmaengine: nbpfaxi: Fix memory corruption in probe() The nbpf->chan[] array is allocated earlier in the nbpf_probe() function and it has "num_channels" elements. These three loops iterate one element farther than they should and corrupt memory. The changes to the second loop are more involved. In this case, we're copying data from the irqbuf[] array into the nbpf->chan[] array. If the data in irqbuf[i] is the error IRQ then we skip it, so the iterators are not in sync. I added a check to ensure that we don't go beyond the end of the irqbuf[] array. I'm pretty sure this can't happen, but it seemed harmless to add a check. On the other hand, after the loop has ended there is a check to ensure that the "chan" iterator is where we expect it to be. In the original code we went one element beyond the end of the array so the iterator wasn't in the correct place and it would always return -EINVAL. However, now it will always be in the correct place. I deleted the check since we know the result. | ||||
| CVE-2025-15155 | 1 Floooh | 1 Sokol | 2026-01-06 | 5.3 Medium |
| A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is identified as 5d11344150973f15e16d3ec4ee7550a73fb995e0. It is advisable to implement a patch to correct this issue. | ||||
| CVE-2025-66398 | 1 Signalk | 2 Signal K Server, Signalk-server | 2026-01-06 | 9.7 Critical |
| Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state (`restoreFilePath`) of the server via the `/skServer/validateBackup` endpoint. This allows the attacker to hijack the administrator's "Restore" functionality to overwrite critical server configuration files (e.g., `security.json`, `package.json`), leading to account takeover and Remote Code Execution (RCE). Version 2.19.0 patches this vulnerability. | ||||