Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19553 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43208 | 1 Nextgen | 1 Mirth Connect | 2025-10-31 | 9.8 Critical |
| NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. | ||||
| CVE-2021-34770 | 1 Cisco | 11 Catalyst 9800, Catalyst 9800-40, Catalyst 9800-40 Wireless Controller and 8 more | 2025-10-30 | 10 Critical |
| A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs during the validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition. | ||||
| CVE-2024-11120 | 1 Geovision | 11 Gv-dsp Lpr, Gv-dsp Lpr Firmware, Gv-dsp Lpr V3 Firmware and 8 more | 2025-10-30 | 9.8 Critical |
| Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports. | ||||
| CVE-2018-6961 | 1 Vmware | 1 Nsx Sd-wan By Velocloud | 2025-10-30 | 8.1 High |
| VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution. | ||||
| CVE-2020-4006 | 3 Linux, Microsoft, Vmware | 7 Linux Kernel, Windows, Cloud Foundation and 4 more | 2025-10-30 | 9.1 Critical |
| VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. | ||||
| CVE-2021-1732 | 1 Microsoft | 11 Windows 10 1803, Windows 10 1809, Windows 10 1909 and 8 more | 2025-10-30 | 7.8 High |
| Windows Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2021-28310 | 1 Microsoft | 11 Windows 10 1803, Windows 10 1809, Windows 10 1909 and 8 more | 2025-10-30 | 7.8 High |
| Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2024-12987 | 1 Draytek | 4 Vigor2960, Vigor2960 Firmware, Vigor300b and 1 more | 2025-10-30 | 7.3 High |
| A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2023-34048 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-10-30 | 9.8 Critical |
| vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. | ||||
| CVE-2019-5544 | 4 Fedoraproject, Openslp, Redhat and 1 more | 17 Fedora, Openslp, Enterprise Linux and 14 more | 2025-10-30 | 9.8 Critical |
| OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. | ||||
| CVE-2022-41125 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-10-30 | 7.8 High |
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | ||||
| CVE-2022-41073 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2025-10-30 | 7.8 High |
| Windows Print Spooler Elevation of Privilege Vulnerability | ||||
| CVE-2022-24521 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2025-10-30 | 7.8 High |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-6047 | 1 Geovision | 46 Gv-bx130, Gv-bx130 Firmware, Gv-bx1500 and 43 more | 2025-10-30 | 9.8 Critical |
| Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. | ||||
| CVE-2022-21882 | 1 Microsoft | 14 Windows 10 1809, Windows 10 1909, Windows 10 20h2 and 11 more | 2025-10-30 | 7 High |
| Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2025-21985 | 1 Linux | 1 Linux Kernel | 2025-10-30 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bound accesses [WHAT & HOW] hpo_stream_to_link_encoder_mapping has size MAX_HPO_DP2_ENCODERS(=4), but location can have size up to 6. As a result, it is necessary to check location against MAX_HPO_DP2_ENCODERS. Similiarly, disp_cfg_stream_location can be used as an array index which should be 0..5, so the ASSERT's conditions should be less without equal. | ||||
| CVE-2023-36792 | 1 Microsoft | 16 .net, .net Framework, Visual Studio 2017 and 13 more | 2025-10-30 | 7.8 High |
| Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2023-36793 | 1 Microsoft | 16 .net, .net Framework, Visual Studio 2017 and 13 more | 2025-10-30 | 7.8 High |
| Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2023-36796 | 1 Microsoft | 16 .net, .net Framework, Visual Studio 2017 and 13 more | 2025-10-30 | 7.8 High |
| Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2025-62525 | 2 Linux, Openwrt | 2 Linux, Openwrt | 2025-10-30 | 7.9 High |
| OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting xrx200, danube and amazon SoCs from Lantiq/Intel/MaxLinear with the DSL in PTM mode. The DSL driver for the VRX518 is not affected. ATM mode is also not affected. Most VDSL lines use PTM mode and most ADSL lines use ATM mode. OpenWrt is normally running as a single user system, but some services are sandboxed. This vulnerability could allow attackers to escape a ujail sandbox or other contains. This is fixed in OpenWrt 24.10.4. There are no workarounds. | ||||