Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
31,416 matching · page 163/629Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-46369(opens NVD record) | High | 7.8 | Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation. | Nov 13, 2025 |
| CVE-2025-46368(opens NVD record) | Medium | 6.6 | Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering. | Nov 13, 2025 |
| CVE-2025-46367(opens NVD record) | High | 7.8 | Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary Code Execution. | Nov 13, 2025 |
| CVE-2025-46362(opens NVD record) | Medium | 6.6 | Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering. | Nov 13, 2025 |
| CVE-2025-60676(opens NVD record) | Medium | 6.5 | An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed via system(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device. | Nov 13, 2025 |
| CVE-2025-60675(opens NVD record) | Medium | 5.4 | A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new_qos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated into command strings and executed via system() without any sanitization. An attacker with write access to /tmp/new_qos.rule can execute arbitrary commands on the device. | Nov 13, 2025 |
| CVE-2025-60674(opens NVD record) | Medium | 6.8 | A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. The vulnerability occurs when the "Serial Number" field from a USB device is read via sscanf into a 64-byte stack buffer, while fgets reads up to 127 bytes, causing a stack overflow. An attacker with physical access or control over a USB device can exploit this vulnerability to potentially execute arbitrary code on the device. | Nov 13, 2025 |
| CVE-2025-60673(opens NVD record) | Medium | 6.5 | An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct iptables commands executed via twsystem(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device. | Nov 13, 2025 |
| CVE-2025-60672(opens NVD record) | Medium | 6.5 | An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to construct system commands executed via twsystem(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device. | Nov 13, 2025 |
| CVE-2025-60693(opens NVD record) | Medium | 6.5 | A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to six user-supplied CGI parameters matching <parameter>_0~5 into a fixed-size buffer (a2) without proper bounds checking, appending colon delimiters during concatenation. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication. | Nov 13, 2025 |
| CVE-2025-60671(opens NVD record) | Medium | 5.4 | A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit file. The vulnerability occurs because content read from this file is only partially validated for a prefix and then formatted using vsnprintf() before being executed with system(), allowing an attacker with write access to /var/system/linux_vlan_reinit to execute arbitrary commands on the device. | Nov 13, 2025 |
| CVE-2025-12785(opens NVD record) | High | 7.5 | Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. | Nov 13, 2025 |
| CVE-2025-12784(opens NVD record) | Medium | 4.9 | Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. | Nov 13, 2025 |
| CVE-2025-60696(opens NVD record) | High | 8.4 | A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). The arplookup function parses lines from /proc/net/arp using sscanf("%16s ... %18s ..."), storing results into buffers v6 (12 bytes) and v7 (20 bytes). Since the format specifiers allow up to 16 and 18 bytes respectively, oversized input can overflow the buffers, resulting in stack corruption. Local attackers controlling /proc/net/arp contents can exploit this issue to cause denial of service or potentially execute arbitrary code. | Nov 13, 2025 |
| CVE-2025-60695(opens NVD record) | Medium | 5.9 | A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). The function sub_4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and then copies it into caller-provided buffer a1 using strcpy without boundary checks. Since a1 is often allocated with significantly smaller sizes (20-32 bytes), local attackers controlling the contents of /sys/class/net/%s/address can trigger buffer overflows, leading to memory corruption, denial of service, or potential arbitrary code execution. | Nov 13, 2025 |
| CVE-2025-60694(opens NVD record) | High | 7.5 | A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function improperly concatenates user-supplied CGI parameters (route_ipaddr_0~3, route_netmask_0~3, route_gateway_0~3) into fixed-size buffers (v6, v10, v14) without proper bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication. | Nov 13, 2025 |
| CVE-2025-60692(opens NVD record) | High | 8.4 | A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The functions get_mac_from_ip and get_ip_from_mac use sscanf with overly permissive "%100s" format specifiers to parse entries from /proc/net/arp into fixed-size buffers (v6: 50 bytes, v7 sub-arrays: 50 bytes). This allows local attackers controlling the contents of /proc/net/arp to overflow stack buffers, leading to memory corruption, denial of service, or potential arbitrary code execution. | Nov 13, 2025 |
| CVE-2025-60691(opens NVD record) | High | 8.8 | A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The apply_cgi and block_cgi functions copy user-supplied input from the "url" CGI parameter into stack buffers (v36, v29) using sprintf without bounds checking. Because these buffers are allocated as single-byte variables, any non-empty input will trigger a buffer overflow. Remote attackers can exploit this vulnerability via crafted HTTP requests to execute arbitrary code or cause denial of service without authentication. | Nov 13, 2025 |
| CVE-2025-60690(opens NVD record) | High | 8.8 | A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication. | Nov 13, 2025 |
| CVE-2025-20353(opens NVD record) | Medium | 6.1 | A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | Nov 13, 2025 |
| CVE-2025-20349(opens NVD record) | Medium | 6.3 | A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to inject arbitrary commands that would then be executed in a restricted container with root privileges. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer. | Nov 13, 2025 |
| CVE-2025-20346(opens NVD record) | Medium | 4.3 | A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control (RBAC). An attacker could exploit this vulnerability by logging in to an affected system and modifying certain policy configurations. A successful exploit could allow the attacker to modify policy configurations that are reserved for the Administrator role. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer. | Nov 13, 2025 |
| CVE-2025-60689(opens NVD record) | Medium | 5.4 | An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs because user-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size) are concatenated into system command strings without proper sanitization and executed via wl_exec_cmd. Successful exploitation allows remote attackers to execute arbitrary commands on the device without authentication. | Nov 13, 2025 |
| CVE-2025-60688(opens NVD record) | Medium | 6.5 | A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse function). The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack buffer using strcpy() without any length validation. Maliciously crafted input can overflow the buffer, leading to potential arbitrary code execution or memory corruption, without requiring authentication. | Nov 13, 2025 |
| CVE-2025-60687(opens NVD record) | Medium | 6.5 | An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619_B20230130 within the cstecgi.cgi binary (sub_41EC68 function). The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is then directly inserted into a system command using sprintf() and executed with system(). Maliciously crafted IMEI input can execute arbitrary commands on the router without authentication. | Nov 13, 2025 |
| CVE-2025-60686(opens NVD record) | Medium | 5.1 | A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703). Both programs parse the contents of /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers without length validation. Specifically, one function writes user-controlled data into a single-byte buffer, and the other into adjacent small arrays without bounds checking. An attacker who controls the contents of /proc/net/arp can trigger memory corruption, leading to denial of service or potential arbitrary code execution. | Nov 13, 2025 |
| CVE-2025-60685(opens NVD record) | Medium | 5.1 | A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). The binary reads the /proc/stat file using fgets() into a local buffer and subsequently parses the line using sscanf() into a single-byte variable with the %s format specifier. Maliciously crafted /proc/stat content can overwrite adjacent stack memory, potentially allowing an attacker with filesystem write privileges to execute arbitrary code on the device. | Nov 13, 2025 |
| CVE-2025-60684(opens NVD record) | Medium | 6.5 | A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers without proper length validation. Maliciously crafted input can overflow these buffers, potentially leading to arbitrary code execution or memory corruption, without requiring authentication. | Nov 13, 2025 |
| CVE-2025-60683(opens NVD record) | Medium | 6.5 | A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary, specifically in the sub_40BFA4 function that handles network interface reinitialization from '/var/system/linux_vlan_reinit'. Input is only partially validated by checking the prefix of interface names, and is concatenated into shell commands executed via system() without escaping. An attacker with write access to this file can execute arbitrary commands on the device. | Nov 13, 2025 |
| CVE-2025-60682(opens NVD record) | Medium | 6.5 | A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell commands and executed via system() without any sanitization or escaping. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device. | Nov 13, 2025 |
| CVE-2025-12763(opens NVD record) | Medium | 6.8 | pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input. | Nov 13, 2025 |
| CVE-2025-33119(opens NVD record) | Medium | 6.5 | IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user. | Nov 12, 2025 |
| CVE-2025-63396(opens NVD record) | Low | 3.3 | An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS). | Nov 12, 2025 |
| CVE-2025-46608(opens NVD record) | Critical | 9.1 | Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. This vulnerability is considered Critical, as it may result in unauthorized access with elevated privileges, compromising system integrity and customer data. Dell recommends customers upgrade to the latest version at the earliest opportunity. | Nov 12, 2025 |
| CVE-2025-36223(opens NVD record) | Medium | 5.4 | IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | Nov 12, 2025 |
| CVE-2025-46428(opens NVD record) | High | 8.8 | Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. | Nov 12, 2025 |
| CVE-2025-46427(opens NVD record) | High | 8.8 | Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | Nov 12, 2025 |
| CVE-2025-27368(opens NVD record) | Medium | 4.3 | IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond what the user is intended to view. | Nov 12, 2025 |
| CVE-2024-48829(opens NVD record) | Medium | 6.7 | Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code ('Code Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | Nov 12, 2025 |
| CVE-2025-56385(opens NVD record) | Critical | 9.8 | A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to authentication bypass, data leakage, or full system compromise of backend database contents. | Nov 12, 2025 |
| CVE-2024-47866(opens NVD record) | High | 7.5 | Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist. | Nov 12, 2025 |
| CVE-2025-13042(opens NVD record) | High | 8.8 | Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Nov 12, 2025 |
| CVE-2025-64531(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 11, 2025 |
| CVE-2025-61835(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 11, 2025 |
| CVE-2025-61834(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 11, 2025 |
| CVE-2025-61833(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 11, 2025 |
| CVE-2025-62453(opens NVD record) | Medium | 5.0 | Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally. | Nov 11, 2025 |
| CVE-2025-62452(opens NVD record) | High | 8.0 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | Nov 11, 2025 |
| CVE-2025-62449(opens NVD record) | Medium | 6.8 | Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally. | Nov 11, 2025 |
| CVE-2025-62222(opens NVD record) | High | 8.8 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network. | Nov 11, 2025 |