Lucene search
K

170 matches found

Vulnrichment
Vulnrichment
added 2026/03/18 7:34 a.m.4 views

CVE-2026-22320 Stack-Based Buffer Overflow in TFTP File-Transfer Command Handling over CLI

A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...

6.5CVSS6.2AI score0.00317EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/18 7:34 a.m.26 views

CVE-2026-22320 Stack-Based Buffer Overflow in TFTP File-Transfer Command Handling over CLI

A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...

6.5CVSS0.00317EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.6 views

HMS Ewon Flexy和HMS Networks HMS Cosy+ 安全漏洞

HMS Cosy+ and HMS Ewon Flexy are both products from the Swedish company HMS Networks. HMS Cosy+ is an application used for industrial remote access. HMS Ewon Flexy is a remote access gateway device. There are security vulnerabilities in HMS Ewon Flexy and HMS Cosy+, which stem from improper...

8.8CVSS6.2AI score0.00792EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.8 views

qinglong 安全漏洞

Qinglong is a scheduled task management platform developed by whyour, which supports Python3, JavaScript, Shell, and Typescript. Versions of Qinglong 2.20.1 and earlier have security vulnerabilities. These vulnerabilities stem from the handling of the command parameter in the file...

6.5CVSS6.8AI score0.00441EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/03/12 12:0 a.m.5 views

CVE-2026-25817

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway,...

6.5AI score0.00792EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 12:0 a.m.5 views

CVE-2026-25817

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway,...

6.4AI score0.00792EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/02/10 4:0 p.m.6 views

Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Improper neutralization of special elements used in a command 'command injection' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally...

6.7CVSS5.6AI score0.00415EPSS
Exploits0
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.6 views

Ergosis Security ZEUS PDKS SQL注入漏洞

Ergosis Security ZEUS PDKS is an attendance and access control management system developed by the Turkish company Ergosis Security. Versions of Ergosis Security ZEUS PDKS from 1.0.5.10 up to version 10022026 have a SQL injection vulnerability. This vulnerability arises due to improper handling of...

8.8CVSS5.8AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.7 views

Xpoda Studio SQL注入漏洞

Xpoda Studio is a visualization development environment provided by the Turkish company Xpoda. Versions of Xpoda Studio dated back to February 2026 and earlier contained an SQL injection vulnerability. This vulnerability stemmed from improper handling of special elements within SQL commands, whic...

9.8CVSS5.9AI score0.00415EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.7 views

Johnson Controls Metasys’ various products have security vulnerabilities

Johnson Controls Metasys is a building automation platform developed by Johnson Controls, a company based in the United States. Several products of Johnson Controls Metasys have security vulnerabilities, which stem from improper handling of special elements in commands, potentially leading to...

9.5CVSS7.6AI score0.0144EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.9 views

Apache Continuum 安全漏洞

Apache Continuum is a continuous integration server from the Apache Foundation. Apache Continuum suffers from a command injection vulnerability that stems from improper neutralization of special elements in commands, which can be exploited by an attacker to invoke arbitrary commands on the server...

9.9CVSS5.9AI score0.03732EPSS
Exploits0References3
OSV
OSV
added 2026/01/25 2:36 p.m.8 views

CVE-2026-22998 nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmettcpbuildpduiovec Commit efa56305908b "nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length" added ttag bounds checking and dataoffset validation in...

7.5CVSS5.3AI score0.0071EPSS
Exploits0References10
OSV
OSV
added 2026/01/23 11:26 a.m.4 views

SUSE-SU-2026:0273-1 Security update for azure-cli-core

This update for azure-cli-core fixes the following issues: - CVE-2025-24049: Fix improper neutralization of special elements used in a command which allows an unauthorized attacker to elevate privileges locally. bsc1239460...

8.4CVSS5.8AI score0.00403EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:12 a.m.8 views

CVE-2019-2312

When handling the vendor command there exists a potential buffer overflow due to lack of input validation of data buffer received in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in...

7.8CVSS9.7AI score0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/01/05 7:15 p.m.4 views

CVE-2025-53966

An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow during handling of an IOCTL message...

8.4CVSS0.00138EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.7 views

PT-2026-1324

Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor Exynos 1380 Samsung Mobile Processor Exynos 1480 Samsung Mobile Processor Exynos 2400 Samsung Mobile Processor Exynos 1580 Description An improper handling of the NL80211 vendor command results in a buffer overflow whe...

8.4CVSS7.5AI score0.00138EPSS
Exploits0References7
EUVD
EUVD
added 2026/01/05 12:0 a.m.5 views

EUVD-2026-0809

An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow during handling of an IOCTL message...

8.4CVSS6.9AI score0.00138EPSS
Exploits0References4
NVD
NVD
added 2025/11/26 4:15 p.m.5 views

CVE-2025-62354

Improper neutralization of special elements used in an OS command 'command injection' in Cursor allows an unauthorized attacker to execute commands that are outside of those specified in the allowlist, resulting in arbitrary code execution...

9.8CVSS0.01248EPSS
Exploits0References1
CVE
CVE
added 2025/11/26 3:40 p.m.28 views

CVE-2025-62354

CVE-2025-62354 affects Cursor and is characterized as improper neutralization of OS command elements (command injection) that allows an unauthorized, remote attacker to execute arbitrary code outside of an allowlist. Public sources in the connected set (Red Hat, NVD, EUVD, CVE list mirrors) descr...

9.8CVSS7.9AI score0.01248EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/13 6:26 a.m.26 views

CVE-2025-0636 Arbitrary Code Execution vulnerability in Ericsson RAN Compute and Site Controller

EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution...

8.4CVSS0.00272EPSS
Exploits0References1
Rows per page
Query Builder