Export limit exceeded: 363020 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 85425 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85425 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-12530 1 Aws 1 Bedrock-agentcore 2026-06-18 7.3 High
Improper neutralization of argument delimiters in the install_packages() method in AWS Bedrock AgentCore Python SDK versions >= 1.1.3 and < 1.6.1 might allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments. To mitigate this issue, users should upgrade to version 1.6.1.
CVE-2026-12438 1 Google 1 Chrome 2026-06-18 8.3 High
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-12441 1 Google 1 Chrome 2026-06-18 8.8 High
Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-12442 1 Google 1 Chrome 2026-06-18 8.8 High
Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-12445 1 Google 1 Chrome 2026-06-18 7.5 High
Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
CVE-2026-12447 1 Google 1 Chrome 2026-06-18 8.8 High
Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-12448 1 Google 1 Chrome 2026-06-18 8.8 High
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)
CVE-2026-12449 1 Google 1 Chrome 2026-06-18 7.8 High
Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
CVE-2026-12451 1 Google 1 Chrome 2026-06-18 8.3 High
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-12454 1 Google 1 Chrome 2026-06-18 8.3 High
Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-12455 1 Google 1 Chrome 2026-06-18 7.5 High
Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-0628 1 Google 1 Chrome 2026-06-18 8.8 High
Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
CVE-2026-25108 2 Soliton, Soliton Systems K.k. 2 Filezen, Filezen 2026-06-18 8.8 High
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
CVE-2026-49975 3 Apache, Debian, F5 3 Http Server, Debian Linux, Nginx 2026-06-18 7.5 High
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.
CVE-2026-25667 1 Microsoft 2 .net, Aspnetcore 2026-06-18 7.5 High
ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing.
CVE-2026-29955 1 Cloudark 1 Kubeplus 2026-06-18 8.8 High
The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute shell commands, and the user-supplied `chartName` parameter is directly concatenated into the command string without any sanitization or validation. An attacker can inject arbitrary shell commands by crafting a malicious `chartName` parameter value.
CVE-2026-23774 1 Dell 3 Data Domain Operating System, Powerprotect Data Domain, Powerprotect Dp Series Appliance 2026-06-18 7.2 High
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
CVE-2026-24506 1 Dell 3 Data Domain Operating System, Powerprotect Data Domain, Powerprotect Dp Series Appliance 2026-06-18 7.2 High
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root.
CVE-2026-38834 1 Tenda 2 W30e, W30e Firmware 2026-06-18 7.3 High
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2026-1460 1 Zyxel 2 Dx3301-t0 Firmware, Ex3301-t0 Firmware 2026-06-18 7.2 High
A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected device.