Search Results (21089 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-27377 2 Samsung, Samsung Mobile 11 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 8 more 2025-03-28 6.7 Medium
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_get_security_info_nl(), there is no input validation check on sec_info->key_info.body.pmk_info.pmk_len coming from userspace, which can lead to a heap overwrite.
CVE-2024-25468 1 Totolink 2 X5000r, X5000r Firmware 2025-03-28 7.5 High
An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component.
CVE-2024-20020 2 Google, Mediatek 8 Android, Mt2713, Mt2715 and 5 more 2025-03-28 4.4 Medium
In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08522504; Issue ID: ALPS08522504.
CVE-2023-52349 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-28 5.6 Medium
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2025-27105 1 Vyperlang 1 Vyper 2025-03-28 9.1 Critical
vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bounds check will not be re-evaluated during the write portion of the statement. This issue has been addressed in version 0.4.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2022-40220 1 Siretta 2 Quartz-gold, Quartz-gold Firmware 2025-03-28 8.8 High
An OS command injection vulnerability exists in the httpd txt/restore.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2024-51456 2 Ibm, Microsoft 2 Robotic Process Automation, Windows 2025-03-28 5.9 Medium
IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks.
CVE-2024-57687 1 Phpgurukul 1 Land Record System 2025-03-28 9.8 Critical
An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "Cookie" GET request parameter.
CVE-2025-25039 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-28 4.7 Medium
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
CVE-2023-24170 1 Tenda 2 Ac18, Ac18 Firmware 2025-03-28 9.8 Critical
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat.
CVE-2023-24169 1 Tenda 2 Ac18, Ac18 Firmware 2025-03-28 9.8 Critical
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c.
CVE-2023-24167 1 Tenda 2 Ac18, Ac18 Firmware 2025-03-28 9.8 Critical
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node.
CVE-2023-24166 1 Tenda 2 Ac18, Ac18 Firmware 2025-03-28 9.8 Critical
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet.
CVE-2023-24165 1 Tenda 2 Ac18, Ac18 Firmware 2025-03-28 9.8 Critical
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo.
CVE-2023-24164 1 Tenda 2 Ac18, Ac18 Firmware 2025-03-28 9.8 Critical
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318.
CVE-2024-54181 2 Ibm, Linux 2 Websphere Automation, Linux Kernel 2025-03-28 7.2 High
IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-48108 1 Dlink 2 Dir 878, Dir 878 Firmware 2025-03-28 9.8 Critical
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-48107 1 Dlink 2 Dir 878, Dir 878 Firmware 2025-03-28 9.8 Critical
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-48072 1 Phicomm 2 K2, K2 Firmware 2025-03-28 7.8 High
Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.
CVE-2022-48070 1 Phicomm 2 K2, K2 Firmware 2025-03-28 7.8 High
Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.