Search Results (5437 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-64090 1 Zenitel 3 Tcis-3, Tcis-3+, Tcis-3 Firmware 2026-02-12 10 Critical
This vulnerability allows authenticated attackers to execute commands via the hostname of the device.
CVE-2026-20841 1 Microsoft 2 Window Notepad, Windows Notepad 2026-02-12 8.8 High
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
CVE-2026-21256 1 Microsoft 1 Visual Studio 2022 2026-02-12 8.8 High
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
CVE-2026-21257 1 Microsoft 1 Visual Studio 2022 2026-02-12 8 High
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
CVE-2026-21516 1 Microsoft 2 Gihub Copilot Plugin For Jetbrains Ides, Github Copilot 2026-02-12 8.8 High
Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.
CVE-2026-21522 1 Microsoft 3 Confcom, Confidental Containers, Microsoft Aci Confidential Containers 2026-02-12 6.7 Medium
Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
CVE-2026-21518 1 Microsoft 1 Visual Studio Code 2026-02-12 6.5 Medium
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-2085 2 D-link, Dlink 3 Dwr-m921, Dwr-m921, Dwr-m921 Firmware 2026-02-12 7.2 High
A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-2260 2 D-link, Dlink 3 Dcs-931l, Dcs-931l, Dcs-931l Firmware 2026-02-12 7.2 High
A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2026-2000 1 Dcn 1 Dcme-320 2026-02-12 4.7 Medium
A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function apply_config of the file /function/system/basic/bridge_cfg.php of the component Web Management Backend. Performing a manipulation of the argument ip_list results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-67221 1 Ijl 1 Orjson 2026-02-12 7.5 High
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents.
CVE-2025-57708 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 6.5 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-57710 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 4.9 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-57711 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 4.9 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-58471 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 4.9 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.2.0.1 ( 2025/12/21 ) and later
CVE-2025-54149 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 5.5 Medium
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-54150 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 5.5 Medium
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-54151 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 5.5 Medium
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2026-21720 1 Grafana 2 Grafana, Grafana Enterprise 2026-02-12 7.5 High
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic with random hashes keeps tripping this timeout, so goroutine count grows linearly, eventually exhausting memory and causing Grafana to crash on some systems.
CVE-2021-26381 1 Amd 17 Radeon Pro V520, Radeon Pro V620, Radeon Pro W5000 Series and 14 more 2026-02-12 N/A
Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption.