Export limit exceeded: 18017 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9870 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3482 | 1 Meddream | 1 Pacs Server | 2025-07-11 | 7.8 High |
| MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DICOM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25826. | ||||
| CVE-2025-3481 | 1 Meddream | 1 Pacs Server | 2025-07-11 | 7.8 High |
| MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DICOM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25827. | ||||
| CVE-2025-25270 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-07-11 | 9.8 Critical |
| An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations. | ||||
| CVE-2024-39710 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-11 | N/A |
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-39711 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-11 | N/A |
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-39712 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-11 | N/A |
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2025-4102 | 1 Fastlinemedia | 1 Beaver Builder | 2025-07-11 | 7.2 High |
| The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_enabled_icons' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability was partially patched in version 2.9.1. | ||||
| CVE-2024-6983 | 1 Mudler | 1 Localai | 2025-07-10 | N/A |
| mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the attacker gaining full control over the system. | ||||
| CVE-2024-39332 | 1 Webswing | 1 Webswing | 2025-07-10 | 9.8 Critical |
| Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server. | ||||
| CVE-2023-26785 | 1 Mariadb | 1 Mariadb | 2025-07-10 | 9.8 Critical |
| MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. | ||||
| CVE-2024-36522 | 1 Apache | 1 Wicket | 2025-07-10 | 9.8 Critical |
| The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue. | ||||
| CVE-2024-35236 | 2 Advplyr, Audiobookshelf | 2 Audiobookshelf, Audiobookshelf | 2025-07-10 | 4.8 Medium |
| Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in the worst case. This was tested on version 2.9.0 on Windows, but an arbitrary file write is powerful enough as is and should easily lead to RCE on Linux, too. Version 2.10.0 contains a patch for the vulnerability. | ||||
| CVE-2023-29344 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-10 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2023-29325 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-07-10 | 8.1 High |
| Windows OLE Remote Code Execution Vulnerability | ||||
| CVE-2023-29341 | 1 Microsoft | 1 Av1 Video Extension | 2025-07-10 | 7.8 High |
| AV1 Video Extension Remote Code Execution Vulnerability | ||||
| CVE-2023-29340 | 1 Microsoft | 1 Av1 Video Extension | 2025-07-10 | 7.8 High |
| AV1 Video Extension Remote Code Execution Vulnerability | ||||
| CVE-2023-24953 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-07-10 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2023-24947 | 1 Microsoft | 7 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 4 more | 2025-07-10 | 8.8 High |
| Windows Bluetooth Driver Remote Code Execution Vulnerability | ||||
| CVE-2023-24905 | 1 Microsoft | 5 Windows 10 20h2, Windows 10 21h2, Windows 10 22h2 and 2 more | 2025-07-10 | 7.8 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2023-24943 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-10 | 9.8 Critical |
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | ||||