Export limit exceeded: 21030 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21030 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-41272 | 2 Waterfall, Waterfall-security | 3 Wf-500, Wf-500, Wf-500 Firmware | 2026-06-18 | 9.8 Critical |
| Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device. | ||||
| CVE-2025-41274 | 2 Waterfall, Waterfall-security | 3 Wf-500, Wf-500, Wf-500 Firmware | 2026-06-18 | 9.8 Critical |
| Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device. | ||||
| CVE-2026-11410 | 2026-06-18 | N/A | ||
| An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges. | ||||
| CVE-2026-11409 | 2026-06-18 | N/A | ||
| An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges. | ||||
| CVE-2026-44932 | 2026-06-18 | 8.8 High | ||
| Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine. | ||||
| CVE-2026-6893 | 1 Redhat | 6 Dracut, Enterprise Linux, Hardened Images and 3 more | 2026-06-18 | 7.5 High |
| A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and written into temporary shell scripts without proper escaping, leading to command injection. This allows the attacker to achieve root code execution within the initramfs, potentially compromising the system's boot and network behavior. | ||||
| CVE-2026-8358 | 1 The Document Foundation | 1 Libreoffice | 2026-06-18 | 6.6 Medium |
| LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its allocation. In fixed versions records with a duplicate identifier are rejected. | ||||
| CVE-2025-24118 | 1 Apple | 2 Ipados, Macos | 2026-06-18 | 9.8 Critical |
| The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory. | ||||
| CVE-2026-6040 | 1 The Document Foundation | 1 Libreoffice | 2026-06-18 | 7.3 High |
| A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed versions the position is bounds-checked before use. | ||||
| CVE-2026-8357 | 1 The Document Foundation | 1 Libreoffice | 2026-06-18 | 7.8 High |
| LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold the largest possible nesting. | ||||
| CVE-2026-12318 | 1 Mozilla | 1 Firefox | 2026-06-17 | 7.3 High |
| Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | ||||
| CVE-2026-12161 | 1 Devolutions | 1 Remote Desktop Manager | 2026-06-17 | 8.8 High |
| Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alternate username and user interaction with the Elevate Shell action. | ||||
| CVE-2026-22313 | 1 Radiflow | 1 Isap Smart Collector | 2026-06-17 | 9.1 Critical |
| The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying operating system. | ||||
| CVE-2026-0147 | 1 Google | 1 Android | 2026-06-17 | 8.8 High |
| In __mfc_core_nal_q_get_dec_metadata_sei_nal of mfc_core_nal_q.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-47294 | 1 Microsoft | 5 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 2 more | 2026-06-17 | 8 High |
| Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-0149 | 1 Google | 1 Android | 2026-06-17 | 8.8 High |
| In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0151 | 1 Google | 1 Android | 2026-06-17 | 8.8 High |
| In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0138 | 1 Google | 1 Android | 2026-06-17 | 7.8 High |
| In lwis_io_buffer_write of lwis_io_buffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0146 | 1 Google | 1 Android | 2026-06-17 | 8.8 High |
| In mfc_core_get_dec_metadata_sei_nal of mfc_core_reg_api.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0150 | 1 Google | 1 Android | 2026-06-17 | 7.8 High |
| In ExecuteGraph command handler of EdgeTPU firmware, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with root privileges needed. User interaction is not needed for exploitation. | ||||