Vulnerabilities (CVE)

Filtered by CWE-94
Total 4714 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-28811 1 Nokia 2 Hit 7300, Hit 7300 Firmware 2025-05-30 N/A 3.3 LOW
An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations.
CVE-2025-44881 1 Wavlink 2 Wl-wn579a3, Wl-wn579a3 Firmware 2025-05-30 N/A 9.8 CRITICAL
A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input.
CVE-2021-29505 5 Debian, Fedoraproject, Netapp and 2 more 17 Debian Linux, Fedora, Snapmanager and 14 more 2025-05-30 6.5 MEDIUM 7.5 HIGH
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.
CVE-2022-34715 1 Microsoft 1 Windows Server 2022 2025-05-29 N/A 9.8 CRITICAL
Windows Network File System Remote Code Execution Vulnerability
CVE-2022-34714 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2025-05-29 N/A 8.1 HIGH
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35772 1 Microsoft 1 Azure Site Recovery Vmware To Azure 2025-05-29 N/A 7.2 HIGH
Azure Site Recovery Remote Code Execution Vulnerability
CVE-2022-35767 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2025-05-29 N/A 8.1 HIGH
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35766 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2025-05-29 N/A 8.1 HIGH
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35779 1 Microsoft 1 Azure Real Time Operating System Guix Studio 2025-05-29 N/A 7.8 HIGH
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
CVE-2022-35777 1 Microsoft 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more 2025-05-29 N/A 8.8 HIGH
Visual Studio Remote Code Execution Vulnerability
CVE-2024-51360 1 Phpgurukul 1 Hospital Management System 2025-05-29 N/A 9.8 CRITICAL
An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file
CVE-2023-37518 1 Hcltech 1 Bigfix Servicenow Data Flow 2025-05-29 N/A 6.4 MEDIUM
HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user.
CVE-2025-32801 2025-05-29 N/A 7.8 HIGH
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.
CVE-2022-41138 1 Zutty Project 1 Zutty 2025-05-29 N/A 9.8 CRITICAL
In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution.
CVE-2024-48061 1 Langflow 1 Langflow 2025-05-28 N/A 9.8 CRITICAL
langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox.
CVE-2025-28146 1 Edimax 2 Br-6478ac V3, Br-6478ac V3 Firmware 2025-05-28 N/A 9.8 CRITICAL
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel
CVE-2024-50704 1 Uniguest 1 Tripleplay 2025-05-28 N/A 10.0 CRITICAL
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request.
CVE-2024-50707 1 Uniguest 1 Tripleplay 2025-05-28 N/A 10.0 CRITICAL
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request.
CVE-2025-2061 1 Fabianros 1 Online Ticket Reservation System 2025-05-28 5.0 MEDIUM 4.3 MEDIUM
A vulnerability was found in code-projects Online Ticket Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /passenger.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0961 1 Anisha 1 Job Recruitment 2025-05-28 4.0 MEDIUM 3.5 LOW
A vulnerability, which was classified as problematic, has been found in code-projects Job Recruitment 1.0. Affected by this issue is some unknown functionality of the file /_parse/load_job-details.php. The manipulation of the argument business_stream_name/company_website_url leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.