Search Results (14133 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-61932 1 Motex 1 Lanscope Endpoint Manager 2026-02-26 N/A
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
CVE-2024-48829 1 Dell 1 Smartfabric Os10 2026-02-26 6.7 Medium
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code ('Code Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVE-2025-59503 1 Microsoft 2 Azure, Azure Compute Resource Provider 2026-02-26 10 Critical
Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-12762 1 Pgadmin 1 Pgadmin 4 2026-02-26 9.1 Critical
pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.
CVE-2025-13659 1 Ivanti 1 Endpoint Manager 2026-02-26 8.8 High
Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.
CVE-2025-48984 1 Veeam 2 Backup And Replication, Veeam Backup \& Replication 2026-02-26 8.8 High
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
CVE-2025-13081 1 Drupal 2 Drupal, Drupal Core 2026-02-26 5.9 Medium
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
CVE-2025-37157 1 Hpe 1 Arubaos-cx 2026-02-26 6.7 Medium
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
CVE-2025-13780 1 Pgadmin 1 Pgadmin 4 2026-02-26 9.1 Critical
pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.
CVE-2025-62207 1 Microsoft 2 Azure Monitor, Azure Monitor Control Service 2026-02-26 8.6 High
Azure Monitor Elevation of Privilege Vulnerability
CVE-2025-37164 1 Hpe 1 Oneview 2026-02-26 10 Critical
A remote code execution issue exists in HPE OneView.
CVE-2025-46295 2 Apache, Claris 2 Commons Text, Filemaker Server 2026-02-26 9.8 Critical
Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could potentially achieve remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4.
CVE-2025-33204 1 Nvidia 1 Nemo 2026-02-26 7.8 High
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-59302 1 Apache 1 Cloudstack 2026-02-26 4.7 Medium
In Apache CloudStack improper control of generation of code ('Code Injection') vulnerability is found in the following APIs which are accessible only to admins. * quotaTariffCreate * quotaTariffUpdate * createSecondaryStorageSelector * updateSecondaryStorageSelector * updateHost * updateStorage This issue affects Apache CloudStack: from 4.18.0 before 4.20.2, from 4.21.0 before 4.22.0. Users are recommended to upgrade to versions 4.20.2 or 4.22.0, which contain the fix. The fix introduces a new global configuration flag, js.interpretation.enabled, allowing administrators to control the interpretation of JavaScript expressions in these APIs, thereby mitigating the code injection risk.
CVE-2025-68645 2 Synacor, Zimbra 2 Zimbra Collaboration Suite, Zimbra 2026-02-26 8.8 High
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.
CVE-2025-69262 1 Pnpm 1 Pnpm 2026-02-26 7.6 High
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code Execution (RCE) in build environments. This issue is fixed in version 10.27.0.
CVE-2024-4040 1 Crushftp 1 Crushftp 2026-02-26 9.8 Critical
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
CVE-2025-33236 1 Nvidia 2 Nemo, Nemo Framework 2026-02-26 7.8 High
NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-33250 1 Nvidia 2 Nemo, Nemo Framework 2026-02-26 7.8 High
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
CVE-2025-33251 1 Nvidia 2 Nemo, Nemo Framework 2026-02-26 7.8 High
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.