Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20396 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6898 | 2 D-link, Dlink | 3 Di-7300g+, Di-7300g\+, Di-7300g\+ Firmware | 2025-07-14 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in D-Link DI-7300G+ 19.12.25A1. Affected by this issue is some unknown functionality of the file in proxy_client.asp. The manipulation of the argument proxy_srv/proxy_lanport/proxy_lanip/proxy_srvport leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6896 | 2 D-link, Dlink | 3 Di-7300g+, Di-7300g\+, Di-7300g\+ Firmware | 2025-07-14 | 6.3 Medium |
| A vulnerability classified as critical has been found in D-Link DI-7300G+ 19.12.25A1. Affected is an unknown function of the file wget_test.asp. The manipulation of the argument url leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-20695 | 3 Google, Mediatek, Openwrt | 14 Android, Mt6639, Mt6653 and 11 more | 2025-07-14 | 6.5 Medium |
| In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317. | ||||
| CVE-2023-52725 | 2 Linuxfoundation, Open Networking Foundation | 2 Onos-kpimon, Sd-ran Onos | 2025-07-14 | 6.5 Medium |
| Open Networking Foundation SD-RAN ONOS onos-kpimon 0.4.7 allows blocking of the errCh channel within the Start function of the monitoring package. | ||||
| CVE-2023-52727 | 1 Linuxfoundation | 1 Onos-lib-go | 2025-07-14 | 8.1 High |
| Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in parseAlignBits. | ||||
| CVE-2023-52724 | 1 Linuxfoundation | 1 Onos-kpimon | 2025-07-14 | 8.1 High |
| Open Networking Foundation SD-RAN onos-kpimon 0.4.7 allows out-of-bounds array access in the processIndicationFormat1 function. | ||||
| CVE-2025-6770 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-07-13 | 7.2 High |
| OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution | ||||
| CVE-2025-20682 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-07-13 | 9.8 Critical |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416937; Issue ID: MSV-3445. | ||||
| CVE-2025-30312 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2025-07-13 | 7.8 High |
| Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-6771 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-07-13 | 7.2 High |
| OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution | ||||
| CVE-2025-20684 | 1 Mediatek | 4 Mt7615, Mt7622, Mt7663 and 1 more | 2025-07-13 | 9.8 Critical |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416939; Issue ID: MSV-3422. | ||||
| CVE-2024-13170 | 1 Ivanti | 1 Endpoint Manager | 2025-07-13 | 7.5 High |
| An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-23608 | 1 Ni | 1 Labview | 2025-07-12 | 7.8 High |
| An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. | ||||
| CVE-2024-25578 | 1 Microdicom | 1 Dicom Viewer | 2025-07-12 | 7.8 High |
| MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain a lack of proper validation of user-supplied data, which could result in memory corruption within the application. | ||||
| CVE-2025-1339 | 1 Totolink | 1 X18 | 2025-07-12 | 6.3 Medium |
| A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been rated as critical. This issue affects the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-23240 | 1 Openharmony | 1 Openharmony | 2025-07-12 | 3.8 Low |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. | ||||
| CVE-2019-20208 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2025-07-11 | 5.5 Medium |
| dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow. | ||||
| CVE-2025-6376 | 1 Rockwellautomation | 1 Arena | 2025-07-11 | 7.8 High |
| A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P. | ||||
| CVE-2025-6377 | 1 Rockwellautomation | 1 Arena | 2025-07-11 | 7.8 High |
| A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P. | ||||
| CVE-2024-12835 | 1 Deltaww | 1 Drasimucad | 2025-07-11 | N/A |
| Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22415. | ||||