Export limit exceeded: 20960 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20960 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-8663 | 1 Rapid7 | 1 Insightconnect Rpm Plugin | 2026-06-26 | 6 Medium |
| OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction. | ||||
| CVE-2026-8659 | 1 Rapid7 | 1 Insightconnect Sqlmap Plugin | 2026-06-26 | 6 Medium |
| OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation. | ||||
| CVE-2026-9155 | 1 Rapid7 | 1 Insightconnect Sed Plugin | 2026-06-26 | 8.8 High |
| OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation. | ||||
| CVE-2026-8660 | 1 Rapid7 | 1 Insightconnect Ping Plugin | 2026-06-26 | 7.7 High |
| OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands. | ||||
| CVE-2026-8665 | 1 Rapid7 | 1 Insightconnect Tr Plugin | 2026-06-26 | 7.7 High |
| OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction. | ||||
| CVE-2026-8664 | 1 Rapid7 | 1 Insightconnect Finger Plugin | 2026-06-26 | 6 Medium |
| OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction. | ||||
| CVE-2026-8592 | 1 Rapid7 | 1 Insightconnect Awk Plugin | 2026-06-26 | 7.7 High |
| OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline. | ||||
| CVE-2026-8666 | 1 Rapid7 | 1 Insightconnect Traceroute Plugin | 2026-06-26 | 7.7 High |
| OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, count, or time_out request parameters due to insufficient input validation when constructing shell commands. | ||||
| CVE-2026-8658 | 1 Rapid7 | 1 Insightconnect Tcpdump Plugin | 2026-06-26 | 6 Medium |
| OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction. | ||||
| CVE-2026-56129 | 2 Dynabook, Toshiba Corporation | 2 Generic Io & Memory Access Driver, Generic Io & Memory Access Driver | 2026-06-26 | 5.5 Medium |
| Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory. | ||||
| CVE-2026-47150 | 1 Silicon Labs | 1 Emberznet | 2026-06-26 | N/A |
| In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the IAS Zone cluster may be impacted. | ||||
| CVE-2026-47151 | 1 Silicon Labs | 1 Emberznet | 2026-06-26 | N/A |
| In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock cluster may be impacted. | ||||
| CVE-2026-12844 | 1 Drolsky | 1 List::someutils::xs | 2026-06-26 | 7.5 High |
| List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by the block into a heap buffer sized to the longer input array, then grows the buffer before each copy with a single quadrupling (alloc <<= 2) instead of a loop. A block call that returns more than four times the current allocation in one invocation outgrows that one quadrupling, and the copy writes past the end of the buffer. Any caller of pairwise() whose block returns, for a single pair, more than four times the longer input array's length writes past the buffer and corrupts the heap. | ||||
| CVE-2026-56786 | 1 Tomojitakasu | 1 Rtklib | 2026-06-26 | 9.8 Critical |
| RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream can craft a valid CRC-bearing type-1033 message to corrupt adjacent rtcm_t object members, potentially achieving arbitrary code execution or denial of service. | ||||
| CVE-2026-11527 | 1 Shlomi Fish | 1 Config-inifiles | 2026-06-26 | 8.6 High |
| Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle. Config::IniFiles::_make_filehandle opens a filename argument with Perl's 2-arg open(), so a filename that begins or ends with a pipe ("| cmd", "cmd |") or begins with a redirect ("> path", ">> path") is run as a command or redirect rather than opened as a file. The helper is the open path behind the documented -file argument: new(-file => $thing) reaches it through ReadConfig. An in-memory scalar reference (-file => \$text) does not open a path and is unaffected. Any caller that forwards untrusted input to the -file argument can run an arbitrary command or truncate a file under the process UID. | ||||
| CVE-2026-11410 | 1 Tp-link | 1 Tl-wr940n V6 | 2026-06-26 | N/A |
| An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges. | ||||
| CVE-2026-39199 | 1 Snes9x.com | 1 Snes9x | 2026-06-26 | 2.9 Low |
| snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file. | ||||
| CVE-2025-15641 | 1 Netskope | 1 Netskope | 2026-06-26 | N/A |
| Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all anti-tampering protections for the NSClient.Affected Product(s) and Version(s) * Product Name: Netskope Client * Affected Platform: Windows * Affected Version: All version below R138 | ||||
| CVE-2026-53148 | 1 Linux | 1 Linux Kernel | 2026-06-26 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Clamp XDomain response data copy to allocation size tb_xdp_properties_request() derives the per-packet copy length from the response header without checking that it fits in the previously allocated data buffer. A malicious peer can set its length field larger than the declared data_length, causing memcpy to write past the kcalloc allocation. Clamp the per-packet copy length so that the cumulative offset never exceeds data_len. | ||||
| CVE-2026-55895 | 1 Vim | 1 Vim | 2026-06-26 | N/A |
| Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when deleting a local file from the browser. A filename derived from the buffer's directory listing is interpolated into an Ex command line passed to :execute with only the backslash character escaped, allowing a crafted filename containing a bar (|) to terminate the intended command and execute arbitrary Vimscript, including shell commands via :call system() and :!. This vulnerability is fixed in 9.2.0663. | ||||