Export limit exceeded: 18832 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (18832 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-64124 2 Nuvation Energy, Nuvationenergy 6 Multi-stack Controller, Nplatform, Nuvmsc3-04s-c and 3 more 2026-02-26 8.8 High
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): before 2.5.1.
CVE-2025-64120 2 Nuvation Energy, Nuvationenergy 6 Multi-stack Controller, Nplatform, Nuvmsc3-04s-c and 3 more 2026-02-26 8.8 High
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1.
CVE-2026-26046 1 Moodle 1 Moodle 2026-02-26 7.2 High
A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.
CVE-2025-20734 3 Mediatek, Mediatk, Openwrt 18 Mt6890, Mt7615, Mt7622 and 15 more 2026-02-26 4.2 Medium
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00441507; Issue ID: MSV-4112.
CVE-2025-20732 3 Mediatek, Mediatk, Openwrt 18 Mt6890, Mt7615, Mt7622 and 15 more 2026-02-26 5.3 Medium
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege (when OceReducedNeighborReport is disabled). User interaction is not needed for exploitation. Patch ID: WCNCR00441510; Issue ID: MSV-4139.
CVE-2025-20731 2 Mediatek, Openwrt 10 Mt6890, Mt7615, Mt7622 and 7 more 2026-02-26 5.3 Medium
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege (when OceReducedNeighborReport is disabled). User interaction is not needed for exploitation. Patch ID: WCNCR00441511; Issue ID: MSV-4140.
CVE-2025-20645 2 Google, Mediatek 15 Android, Mt6765, Mt6768 and 12 more 2026-02-26 7.8 High
In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09475476; Issue ID: MSV-2599.
CVE-2025-20646 1 Mediatek 6 Mt6890, Mt7915, Mt7916 and 3 more 2026-02-26 9.8 Critical
In wlan AP FW, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389074; Issue ID: MSV-1803.
CVE-2025-20650 5 Google, Linuxfoundation, Mediatek and 2 more 25 Android, Yocto, Mt2737 and 22 more 2026-02-26 6.8 Medium
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061.
CVE-2024-53022 1 Qualcomm 46 Qam8255p, Qam8255p Firmware, Qam8295p and 43 more 2026-02-26 7.8 High
Memory corruption may occur during communication between primary and guest VM.
CVE-2024-53030 1 Qualcomm 88 Msm8996au, Msm8996au Firmware, Qam8255p and 85 more 2026-02-26 7.8 High
Memory corruption while processing input message passed from FE driver.
CVE-2024-53031 1 Qualcomm 52 Qam8255p, Qam8255p Firmware, Qam8295p and 49 more 2026-02-26 7.8 High
Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine.
CVE-2025-22225 1 Vmware 4 Cloud Foundation, Esxi, Telco Cloud Infrastructure and 1 more 2026-02-26 8.2 High
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
CVE-2025-1938 2 Mozilla, Redhat 8 Firefox, Thunderbird, Enterprise Linux and 5 more 2026-02-26 6.5 Medium
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
CVE-2025-20929 2 Samsung, Samsung Mobile 2 Notes, Samsung Notes 2026-02-26 7.3 High
Out-of-bounds write in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.
CVE-2025-20931 2 Samsung, Samsung Mobile 2 Notes, Samsung Notes 2026-02-26 7.3 High
Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.
CVE-2024-11253 1 Zyxel 12 Dm4200-b0, Dm4200-b0 Firmware, Emg5723-t50k and 9 more 2026-02-26 7.2 High
A post-authentication command injection vulnerability in the "DNSServer” parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
CVE-2024-12009 1 Zyxel 76 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 73 more 2026-02-26 7.2 High
A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
CVE-2024-12010 1 Zyxel 82 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 79 more 2026-02-26 7.2 High
A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
CVE-2025-27363 3 Debian, Freetype, Redhat 9 Debian Linux, Freetype, Enterprise Linux and 6 more 2026-02-26 8.1 High
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.