Total
10887 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25489 | 1 Samsung | 1 Android | 2025-10-22 | 4.9 MEDIUM | 3.3 LOW |
| Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. | |||||
| CVE-2021-21985 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. | |||||
| CVE-2020-8195 | 1 Citrix | 12 4000-wo, 4100-wo, 5000-wo and 9 more | 2025-10-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. | |||||
| CVE-2020-3161 | 1 Cisco | 26 8831, 8831 Firmware, Ip Phone 7811 and 23 more | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition. | |||||
| CVE-2020-1350 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2025-10-22 | 10.0 HIGH | 10.0 CRITICAL |
| A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'. | |||||
| CVE-2020-1040 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2025-10-22 | 7.7 HIGH | 9.0 CRITICAL |
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043. | |||||
| CVE-2020-11261 | 1 Qualcomm | 798 Apq8009, Apq8009 Firmware, Apq8009w and 795 more | 2025-10-22 | 7.2 HIGH | 7.8 HIGH |
| Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2020-0938 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 14 more | 2025-10-22 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020. | |||||
| CVE-2019-16759 | 1 Vbulletin | 1 Vbulletin | 2025-10-22 | 7.5 HIGH | 9.8 CRITICAL |
| vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | |||||
| CVE-2019-0604 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2025-10-22 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594. | |||||
| CVE-2018-8414 | 1 Microsoft | 5 Windows 10 1703, Windows 10 1709, Windows 10 1803 and 2 more | 2025-10-22 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10. | |||||
| CVE-2018-7600 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-10-22 | 7.5 HIGH | 9.8 CRITICAL |
| Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. | |||||
| CVE-2018-0174 | 2 Cisco, Rockwellautomation | 11 7600 Series Route Switch Processor 720, 7600 Series Supervisor Engine 32, 7600 Series Supervisor Engine 720 and 8 more | 2025-10-22 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuh91645. | |||||
| CVE-2018-0173 | 2 Cisco, Rockwellautomation | 20 4321 Integrated Services Router, 4331 Integrated Services Router, 4351 Integrated Services Router and 17 more | 2025-10-22 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device, which the device would then forward to a DHCPv4 server. When the affected software processes the option 82 information that is encapsulated in the response from the server, an error could occur. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvg62754. | |||||
| CVE-2018-0159 | 1 Cisco | 14 Asr 901-12c-f-d, Asr 901-12c-ft-d, Asr 901-4c-f-d and 11 more | 2025-10-22 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific IKEv1 packets. An attacker could exploit this vulnerability by sending crafted IKEv1 packets to an affected device during an IKE negotiation. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuj73916. | |||||
| CVE-2018-0156 | 1 Cisco | 149 Catalyst 2960-plus 24lc-l, Catalyst 2960-plus 24lc-s, Catalyst 2960-plus 24pc-l and 146 more | 2025-10-22 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673. | |||||
| CVE-2018-0125 | 1 Cisco | 4 Rv132w, Rv132w Firmware, Rv134w and 1 more | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170. | |||||
| CVE-2017-9791 | 1 Apache | 1 Struts | 2025-10-22 | 7.5 HIGH | 9.8 CRITICAL |
| The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. | |||||
| CVE-2017-3881 | 1 Cisco | 323 Catalyst 2350-48td-s, Catalyst 2350-48td-sd, Catalyst 2360-48td-s and 320 more | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893. | |||||
| CVE-2017-15944 | 1 Paloaltonetworks | 1 Pan-os | 2025-10-22 | 7.5 HIGH | 9.8 CRITICAL |
| Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. | |||||