Export limit exceeded: 10441 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20396 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20396 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21044 | 1 Samsung | 1 Android | 2026-02-26 | 5.7 Medium |
| Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2025-36245 | 1 Ibm | 1 Infosphere Information Server | 2026-02-26 | 8.8 High |
| IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input. | ||||
| CVE-2025-30264 | 1 Qnap | 2 Qts, Quts Hero | 2026-02-26 | 8.8 High |
| A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later | ||||
| CVE-2025-9377 | 1 Tp-link | 6 Archer C7, Archer C7 Firmware, Tl-wr841n and 3 more | 2026-02-26 | 7.2 High |
| The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It's recommending to purchase the new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es). | ||||
| CVE-2025-6033 | 1 Ni | 1 Circuit Design Suite | 2026-02-26 | 7.8 High |
| There is a memory corruption vulnerability due to an out of bounds write in XML_Serialize() when using SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.1 and prior versions. | ||||
| CVE-2025-20711 | 2 Mediatek, Openwrt | 6 Mt6890, Mt7916, Mt7981 and 3 more | 2026-02-26 | 8.8 High |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422399; Issue ID: MSV-3748. | ||||
| CVE-2025-20718 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2026-02-26 | 7.8 High |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00419945; Issue ID: MSV-3581. | ||||
| CVE-2025-20719 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7603, Mt7615 and 7 more | 2026-02-26 | 8.8 High |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418955; Issue ID: MSV-3570. | ||||
| CVE-2025-20720 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7603, Mt7615 and 7 more | 2026-02-26 | 8.8 High |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418954; Issue ID: MSV-3569. | ||||
| CVE-2025-20721 | 2 Google, Mediatek | 25 Android, Iot Yocto, Mt6873 and 22 more | 2026-02-26 | 7.8 High |
| In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10089545; Issue ID: MSV-4279. | ||||
| CVE-2025-20713 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2026-02-26 | 7.8 High |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00432661; Issue ID: MSV-3904. | ||||
| CVE-2025-20714 | 2 Mediatek, Openwrt | 18 Mt6890, Mt6890 Firmware, Mt7615 and 15 more | 2026-02-26 | 7.8 High |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00432659; Issue ID: MSV-3902. | ||||
| CVE-2025-20723 | 2 Google, Mediatek | 15 Android, Mt6835, Mt6878 and 12 more | 2026-02-26 | 7.8 High |
| In gnss driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920033; Issue ID: MSV-3797. | ||||
| CVE-2025-20715 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2026-02-26 | 7.8 High |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00421152; Issue ID: MSV-3731. | ||||
| CVE-2025-20716 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2026-02-26 | 7.8 High |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00421149; Issue ID: MSV-3728. | ||||
| CVE-2025-20717 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2026-02-26 | 7.8 High |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00419946; Issue ID: MSV-3582. | ||||
| CVE-2025-11953 | 2 Microsoft, React-native-community | 3 Windows, Cli, React Native Community Cli | 2026-02-26 | 9.8 Critical |
| The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments. | ||||
| CVE-2025-10242 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-02-26 | 7.2 High |
| OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2025-10243 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-02-26 | 7.2 High |
| OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2025-10985 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-02-26 | 7.2 High |
| OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||