Export limit exceeded: 20749 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20749 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4974 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2026-03-31 | 8.8 High |
| A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2025-47901 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2026-03-31 | 8.8 High |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5. | ||||
| CVE-2025-47900 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2026-03-31 | 8.8 High |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5. | ||||
| CVE-2026-26831 | 1 Dbashford | 1 Textract | 2026-03-30 | 9.8 Critical |
| textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec() in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequate sanitization | ||||
| CVE-2026-26833 | 1 Mmahrous | 1 Thumbler | 2026-03-30 | 9.8 Critical |
| thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in the thumbnail() function because user input is concatenated into a shell command string passed to child_process.exec() without proper sanitization or escaping. | ||||
| CVE-2026-5021 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-30 | 8.8 High |
| A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2026-5042 | 1 Belkin | 2 F9k1122, F9k1122 Firmware | 2026-03-30 | 8.8 High |
| A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5044 | 1 Belkin | 2 F9k1122, F9k1122 Firmware | 2026-03-30 | 8.8 High |
| A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5101 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-03-30 | 6.3 Medium |
| A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | ||||
| CVE-2016-20039 | 1 Mamedev | 1 Mess Emulator | 2026-03-30 | 8.4 High |
| Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized gamma parameter value to overflow the stack buffer and overwrite the instruction pointer with a controlled address to achieve code execution. | ||||
| CVE-2016-20047 | 1 Ekg | 1 Ekg Gadu | 2026-03-30 | 8.4 High |
| EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local attackers to execute arbitrary code by supplying an oversized username string. Attackers can trigger the overflow in the strlcpy function by passing a crafted buffer exceeding 258 bytes to overwrite the instruction pointer and execute shellcode with user privileges. | ||||
| CVE-2016-20038 | 1 Werner | 1 Ytree | 2026-03-30 | 8.4 High |
| yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context. | ||||
| CVE-2017-20226 | 1 Msk | 1 Mapscrn | 2026-03-30 | 8.4 High |
| Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer with junk data, return address, NOP instructions, and shellcode to overflow the stack and achieve code execution or denial of service. | ||||
| CVE-2026-4946 | 1 Nsa | 1 Ghidra | 2026-03-30 | 8.8 High |
| Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which is intended for trusted, user-authored comments) is also parsed in comments generated during auto-analysis (such as CFStrings in Mach-O binaries). This allows a crafted binary to present seemingly benign clickable text which, when clicked, executes attacker-controlled commands on the analyst’s machine. | ||||
| CVE-2020-19513 | 1 Aida64 | 1 Aida64 | 2026-03-30 | 7.8 High |
| Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler. | ||||
| CVE-2016-20037 | 1 Identicalsoftware | 1 Xwpe | 2026-03-30 | 8.4 High |
| xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundaries. Attackers can craft malicious command-line arguments with 262 bytes of junk data followed by shellcode to overwrite the instruction pointer and achieve code execution or denial of service. | ||||
| CVE-2018-25222 | 1 Sc | 1 Sc | 2026-03-30 | 8.4 High |
| SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer and execute shellcode in the application context. | ||||
| CVE-2016-20042 | 1 Trn | 1 Threaded Usenet News Reader | 2026-03-30 | 8.4 High |
| TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious command-line argument with 156 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges. | ||||
| CVE-2026-34005 | 1 Xiongmai | 1 Dvr/nvr Devices | 2026-03-30 | 8.8 High |
| In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol (TCP port 34567) request to the NetWork.NetCommon configuration handler, because system() is used. | ||||
| CVE-2023-7338 | 1 Ruckusnetworks | 30 Ruckus C110, Ruckus E510, Ruckus H320 and 27 more | 2026-03-30 | 7.5 High |
| Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway mode is enabled. Attackers can exploit this vulnerability by sending specially crafted requests through the management interface to achieve arbitrary code execution on affected systems. | ||||