Export limit exceeded: 359880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6681 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-46760 | 1 Amd | 14 Ryzen 3945wx, Ryzen 3945wx Firmware, Ryzen 3955wx and 11 more | 2025-01-27 | 9.8 Critical |
| A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution. | ||||
| CVE-2023-31531 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2025-01-27 | 8.8 High |
| Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter. | ||||
| CVE-2023-31530 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2025-01-27 | 8.8 High |
| Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqos_priority_devices parameter. | ||||
| CVE-2023-31529 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2025-01-27 | 8.8 High |
| Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the system_time_timezone parameter. | ||||
| CVE-2023-31528 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2025-01-27 | 8.8 High |
| Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the staticroute_list parameter. | ||||
| CVE-2023-28356 | 1 Rocket.chat | 1 Rocket.chat | 2025-01-27 | 7.5 High |
| A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU and rendering the service unresponsive. | ||||
| CVE-2022-29842 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2025-01-24 | 9.8 Critical |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119. | ||||
| CVE-2023-31914 | 1 Jerryscript | 1 Jerryscript | 2025-01-24 | 5.5 Medium |
| Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc. | ||||
| CVE-2023-21110 | 1 Google | 1 Android | 2025-01-24 | 7.8 High |
| In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258422365 | ||||
| CVE-2023-20930 | 1 Google | 1 Android | 2025-01-24 | 5.5 Medium |
| In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-250576066 | ||||
| CVE-2023-24540 | 2 Golang, Redhat | 20 Go, Acm, Advanced Cluster Security and 17 more | 2025-01-24 | 9.8 Critical |
| Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. | ||||
| CVE-2023-31985 | 1 Edimax | 2 Br-6428ns, Br-6428ns Firmware | 2025-01-24 | 9.8 Critical |
| A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations. | ||||
| CVE-2023-31983 | 1 Edimax | 2 Br-6428ns, Br-6428ns Firmware | 2025-01-24 | 9.8 Critical |
| A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations. | ||||
| CVE-2023-2682 | 1 Catontechnology | 1 Caton Live | 2025-01-24 | 6.3 Medium |
| A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component Mini_HTTPD. The manipulation of the argument address with the input ;id;uname${IFS}-a leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228911. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2666 | 1 Froxlor | 1 Froxlor | 2025-01-24 | 7.5 High |
| Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16. | ||||
| CVE-2024-28136 | 1 Phoenixcontact | 12 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 9 more | 2025-01-24 | 7.8 High |
| A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service. | ||||
| CVE-2024-28135 | 1 Phoenixcontact | 12 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 9 more | 2025-01-24 | 5 Medium |
| A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected. | ||||
| CVE-2024-25998 | 1 Phoenixcontact | 12 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 9 more | 2025-01-24 | 7.3 High |
| An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation. | ||||
| CVE-2023-32073 | 1 Wwbn | 1 Avideo | 2025-01-23 | 8.8 High |
| WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3. | ||||
| CVE-2023-31986 | 1 Edimax | 2 Br-6428ns, Br-6428ns Firmware | 2025-01-23 | 9.8 Critical |
| A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations. | ||||