Search Results (21195 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-20634 1 Mediatek 32 Mt2737, Mt6813, Mt6835 and 29 more 2026-02-17 8.8 High
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.
CVE-2024-20154 1 Mediatek 56 Lr12a, Lr13, Mt2735 and 53 more 2026-02-17 8.8 High
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392.
CVE-2025-55211 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2026-02-13 8.8 High
FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21.
CVE-2022-45188 3 Debian, Fedoraproject, Netatalk 3 Debian Linux, Fedora, Netatalk 2026-02-13 7.8 High
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).
CVE-2018-1160 3 Debian, Netatalk, Synology 7 Debian Linux, Netatalk, Diskstation Manager and 4 more 2026-02-13 9.8 Critical
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
CVE-2025-27487 1 Microsoft 27 Remote Desktop, Remote Desktop Client, Windows 10 1507 and 24 more 2026-02-13 8 High
Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.
CVE-2025-27477 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 8.8 High
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-24063 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 7.8 High
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-30376 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-02-13 7.8 High
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-29979 1 Microsoft 11 365 Apps, Excel, Office and 8 more 2026-02-13 7.8 High
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-29967 1 Microsoft 25 Remote Desktop, Windows 10 1507, Windows 10 1607 and 22 more 2026-02-13 8.8 High
Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
CVE-2025-29966 1 Microsoft 26 Remote Desktop, Windows 10 1507, Windows 10 1607 and 23 more 2026-02-13 8.8 High
Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
CVE-2025-51958 1 Aelsantex 1 Runcommand 2026-02-13 9.8 Critical
aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php.
CVE-2024-56808 1 Qnap 1 Media Streaming Add-on 2026-02-12 7.8 High
A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later
CVE-2025-64091 1 Zenitel 3 Tcis-3, Tcis-3+, Tcis-3 Firmware 2026-02-12 8.6 High
This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device.
CVE-2025-56590 1 Apryse 2 Html2pdf, Html2pdf Sdk 2026-02-12 9.8 Critical
An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server.
CVE-2025-57709 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 8.1 High
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-54149 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 5.5 Medium
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-54150 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 5.5 Medium
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-54151 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 5.5 Medium
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later