17012 matches found
CVE-2026-24719
CVE-2026-24719 affects QNAP operating systems QTS and QuTS hero. Description: a command-injection vulnerability that can be exploited by an attacker who has obtained an administrator account to execute arbitrary commands. Affected versions include QTS 5.2.9.3492 build 20260507 and later, and QuTS...
EUVD-2026-35977
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...
CVE-2026-22893 QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...
CVE-2025-66273
CVE-2025-66273 is a command-injection vulnerability affecting several QNAP OS versions. If an attacker gains an administrator account, they can execute arbitrary commands. Fixed in QTS 5.2.9.3410 build 20260214 and later, QuTS hero h5.2.9.3410 build 20260214 and later, QuTS hero h5.3.4.3500 build...
QNAP Systems QTS和QNAP Systems QuTS hero 操作系统命令注入漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability stems from command injection, which...
QNAP Systems QTS和QNAP Systems QuTS hero 操作系统命令注入漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability stems from command injection, which...
VulnCheck KEV: CVE-2026-10520
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...
CVE-2026-45599 Windows UPnP Device Host Remote Code Execution Vulnerability
...
CVE-2026-45457 Microsoft Word Remote Code Execution Vulnerability
...
CVE-2026-47654 Remote Desktop Client Remote Code Execution Vulnerability
...
CVE-2026-45583
CVE-2026-45583 involves Microsoft Exchange Server and is described as an improper control of generation of code (code injection) that enables an unauthenticated attacker to execute code over the network. The CVSS 3.1 base score is 7.5 (HIGH) with NETWORK attack vector, HIGH impact on confidential...
Windows UPnP Device Host Remote Code Execution Vulnerability
Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...
EUVD-2026-35250
Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
EUVD-2026-35249
Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
Exploit for Code Injection in Flowiseai Flowise
CVE-2025-59528: Flowise CustomMCP Remote Code Exe...
DEBIAN-CVE-2026-11680
Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-11670
Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...
Microsoft Nuance PowerScribe 360 反序列化漏洞
Microsoft Nuance PowerScribe is a medical speech recognition and report generation system for radiologists developed by Microsoft. There are code-related vulnerabilities in Microsoft Nuance PowerScribe. Attackers can exploit these vulnerabilities to execute code remotely. The following products a...
Microsoft Exchange Server 代码注入漏洞
Microsoft Exchange Server is a set of email service programs provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There is a code injection vulnerability in Microsoft Exchange Server. Attackers can explo...
MiracleLinux 8 : samba-4.19.4-16.el8_10.ML.1 (AXSA:2026-767:06)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-767:06 advisory. samba: group policy certificate enrollment uses without validation CVE-2026-3012 samba: Samba: Remote Code Execution in printing subsystem via...