Export limit exceeded: 12130 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12130 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 11708 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 21115 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (21115 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-0234 2026-04-15 5.3 Medium
Out-of-bounds vulnerability in curve segmentation processing of Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.
CVE-2024-6333 1 Xerox 4 Altalink Firmware, Versalink Firmware, Workcentre Firmware and 1 more 2026-04-15 7.2 High
Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products.
CVE-2025-7451 1 Hgiga 1 Isherlock 2026-04-15 9.8 Critical
The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. This vulnerability has already been exploited. Please update immediately.
CVE-2025-10767 1 Cosmodiumcs 1 Onlyrat 2026-04-15 4.5 Medium
A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remote_upload/remote_download of the file main.py of the component Configuration File Handler. The manipulation of the argument configuration["PASSWORD"] results in os command injection. The attack requires a local approach. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-57595 1 Dlink 1 Dir-825 2026-04-15 9.8 Critical
DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGl interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the parameter "wps_pin" passed to the apc_client_pin.cgi binary through a POST request.
CVE-2025-3499 1 Radiflow 1 Isap Smart Collector 2026-04-15 10 Critical
The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system.
CVE-2024-29222 2026-04-15 6.1 Medium
Out-of-bounds write for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-45320 2026-04-15 N/A
Out-of-bounds write vulnerability exists in DocuPrint CP225w 01.22.01 and earlier, DocuPrint CP228w 01.22.01 and earlier, DocuPrint CM225fw 01.10.01 and earlier, and DocuPrint CM228fw 01.10.01 and earlier. If an affected MFP processes a specially crafted printer job file, a denial-of-service (DoS) condition may occur.
CVE-2024-13129 1 Roxy-wi 1 Roxy-wi 2026-04-15 8.8 High
A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function action_service of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.1.4 is able to address this issue. The identifier of the patch is 32313928eb9ce906887b8a30bf7b9a3d5c0de1be. It is recommended to upgrade the affected component.
CVE-2025-34105 1 Flexense 1 Diskboss 2026-04-15 N/A
A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts.
CVE-2024-30804 1 Asus 1 Fan Xpert 2026-04-15 9.8 Critical
An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests.
CVE-2024-39607 1 Elecom 3 Wrc-x1500gs-b Firmware, Wrc-x1500gsa-b Firmware, Wrc-x6000xs-g Firmware 2026-04-15 6.8 Medium
OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command.
CVE-2025-1546 2026-04-15 7.3 High
A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Affected by this vulnerability is the function log_operate_clear of the file /webui/modules/log/operate.mds. The manipulation of the argument start_code leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-3363 1 Hgiga 1 Isherlock 2026-04-15 9.8 Critical
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVE-2025-58116 1 Iodata 1 Wn-7d36qr 2026-04-15 7.2 High
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker.
CVE-2024-54008 2026-04-15 7.2 High
An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host.
CVE-2021-46772 2026-04-15 3.9 Low
Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.
CVE-2025-64129 1 Zenitel 1 Tciv-3+ 2026-04-15 7.6 High
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device.
CVE-2025-34041 2026-04-15 N/A
An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.
CVE-2025-53524 1 Fujielectric 1 Monitouch V-sft 2026-04-15 7.8 High
Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code.