Export limit exceeded: 15832 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10478 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56518 | 1 Hazelcast | 1 Management Center | 2025-07-07 | 9.8 Critical |
| Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI. | ||||
| CVE-2019-0887 | 1 Microsoft | 10 Remote Desktop Client, Windows 10, Windows 11 21h2 and 7 more | 2025-07-07 | 8.0 High |
| A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. | ||||
| CVE-2022-22017 | 1 Microsoft | 5 Remote Desktop, Remote Desktop Client, Windows 11 and 2 more | 2025-07-07 | 8.8 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2021-34535 | 1 Microsoft | 17 Remote Desktop Client, Windows 10, Windows 10 1507 and 14 more | 2025-07-07 | 8.8 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2025-6659 | 1 Pdf-xchange | 3 Pdf-tools, Pdf-xchange Editor, Pdf-xchange Pro | 2025-07-07 | N/A |
| PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26734. | ||||
| CVE-2025-6660 | 1 Pdf-xchange | 3 Pdf-tools, Pdf-xchange Editor, Pdf-xchange Pro | 2025-07-07 | N/A |
| PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26763. | ||||
| CVE-2024-51568 | 2 Cyber Panel, Cyberpanel | 2 Cyber Panel, Cyberpanel | 2025-07-07 | 10 Critical |
| CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters. | ||||
| CVE-2025-6642 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-06 | N/A |
| PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26530. | ||||
| CVE-2025-6661 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-06 | N/A |
| PDF-XChange Editor App Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of App objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26823. | ||||
| CVE-2025-6640 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-06 | N/A |
| PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26527. | ||||
| CVE-2025-6647 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-06 | N/A |
| PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26644. | ||||
| CVE-2025-6644 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-06 | N/A |
| PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26536. | ||||
| CVE-2025-6654 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-06 | N/A |
| PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26729. | ||||
| CVE-2025-6651 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-06 | N/A |
| PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26713. | ||||
| CVE-2025-6645 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-06 | N/A |
| PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26642. | ||||
| CVE-2025-29783 | 1 Vllm | 1 Vllm | 2025-07-01 | 9.1 Critical |
| vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on distributed hosts. This is a remote code execution vulnerability impacting any deployments using Mooncake to distribute KV across distributed hosts. This vulnerability is fixed in 0.8.0. | ||||
| CVE-2024-44849 | 1 Qualitor | 2 Qalitor, Qualitor | 2025-07-01 | 9.8 Critical |
| Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php. | ||||
| CVE-2024-48359 | 1 Qualitor | 1 Qualitor | 2025-07-01 | 9.8 Critical |
| Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter. | ||||
| CVE-2024-57376 | 1 Dlink | 12 Dsr-1000n, Dsr-1000n Firmware, Dsr-150 and 9 more | 2025-07-01 | 8.8 High |
| Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to execute remote code execution. | ||||
| CVE-2024-29212 | 1 Veeam | 1 Veeam Service Provider Console | 2025-06-30 | N/A |
| Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. | ||||