Export limit exceeded: 336750 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9878 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-21353 | 1 Pugjs | 2 Pug, Pug-code-gen | 2025-05-27 | 6.8 Medium |
| Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1. This advisory applies to multiple pug packages including "pug", "pug-code-gen". pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the `pretty` option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade. | ||||
| CVE-2024-6330 | 2 Geo My Wp, Geomywp | 2 Geo My Wp, Geo My Wordpress | 2025-05-27 | 9.8 Critical |
| The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution. | ||||
| CVE-2024-42835 | 1 Langflow | 1 Langflow | 2025-05-27 | 9.8 Critical |
| langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component. | ||||
| CVE-2022-28721 | 1 Hp | 600 1g5m0a, 1g5m0a Firmware, 1k7k6a and 597 more | 2025-05-27 | 9.8 Critical |
| Certain HP Print Products are potentially vulnerable to Remote Code Execution. | ||||
| CVE-2022-45092 | 1 Siemens | 1 Sinec Ins | 2025-05-27 | 9.9 Critical |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component. | ||||
| CVE-2023-40491 | 2 Maxon, Nemetschek | 2 Cinema 4d, Cinema 4d | 2025-05-27 | 7.8 High |
| Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21439. | ||||
| CVE-2023-40486 | 1 Nemetschek | 1 Cinema 4d | 2025-05-27 | 7.8 High |
| Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21434. | ||||
| CVE-2023-40482 | 1 Nemetschek | 1 Cinema 4d | 2025-05-27 | 7.8 High |
| Maxon Cinema 4D SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21430. | ||||
| CVE-2023-40483 | 2 Maxon, Nemetschek | 2 Cinema 4d, Cinema 4d | 2025-05-27 | 7.8 High |
| Maxon Cinema 4D SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21431. | ||||
| CVE-2023-40484 | 2 Maxon, Nemetschek | 2 Cinema 4d, Cinema 4d | 2025-05-27 | 7.8 High |
| Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21432. | ||||
| CVE-2023-40485 | 1 Nemetschek | 1 Cinema 4d | 2025-05-27 | 7.8 High |
| Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21433. | ||||
| CVE-2023-40487 | 2 Maxon, Nemetschek | 2 Cinema 4d, Cinema 4d | 2025-05-27 | 7.8 High |
| Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21435. | ||||
| CVE-2023-40488 | 1 Nemetschek | 1 Cinema 4d | 2025-05-27 | 7.8 High |
| Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21436. | ||||
| CVE-2023-40489 | 2 Maxon, Nemetschek | 2 Cinema 4d, Cinema 4d | 2025-05-27 | 7.8 High |
| Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21437. | ||||
| CVE-2023-31493 | 1 Zoneminder | 1 Zoneminder | 2025-05-27 | 6.6 Medium |
| RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system. | ||||
| CVE-2023-44466 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux, Rhel Aus and 4 more | 2025-05-23 | 8.8 High |
| An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32. | ||||
| CVE-2025-44176 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2025-05-23 | 6.5 Medium |
| Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function. | ||||
| CVE-2020-26217 | 6 Apache, Debian, Netapp and 3 more | 23 Activemq, Debian Linux, Snapmanager and 20 more | 2025-05-23 | 8 High |
| XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. | ||||
| CVE-2022-40855 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-22 | 9.8 Critical |
| Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. | ||||
| CVE-2022-27492 | 1 Whatsapp | 1 Whatsapp | 2025-05-22 | 7.8 High |
| An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file. | ||||