Export limit exceeded: 336153 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336153 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-50806 | 1 4homepages | 1 4images | 2026-03-05 | 7.2 High |
| 4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php endpoint with a crafted cat_id parameter. | ||||
| CVE-2022-50805 | 1 Slims | 1 Senayan Library Management System | 2026-03-05 | 8.2 High |
| Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensitive information. | ||||
| CVE-2022-50693 | 1 Splashtop | 1 Splashtop | 2026-03-05 | 8.4 High |
| Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Updater Service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Splashtop\Splashtop Software Updater\ to inject malicious executables and escalate privileges. | ||||
| CVE-2021-47919 | 2 Simple-cms Project, Simplephpscripts | 3 Simple Cms, Simple Cms, Simple Cms Php | 2026-03-05 | 6.4 Medium |
| Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks. | ||||
| CVE-2021-47918 | 2 Simple-cms Project, Simplephpscripts | 3 Simple Cms, Simple Cms, Simple Cms Php | 2026-03-05 | 8.1 High |
| Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application. | ||||
| CVE-2021-47917 | 2 Simple-cms Project, Simplephpscripts | 3 Simple Cms, Simple Cms, Simple Cms Php | 2026-03-05 | 6.4 Medium |
| Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to session hijacking and application manipulation. | ||||
| CVE-2021-47915 | 1 Phpsugar | 1 Php Melody | 2026-03-05 | 8.1 High |
| PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system. | ||||
| CVE-2021-47914 | 1 Phpsugar | 1 Php Melody | 2026-03-05 | 6.4 Medium |
| PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, persistent phishing, and manipulation of application modules. | ||||
| CVE-2021-47913 | 1 Phpsugar | 1 Php Melody | 2026-03-05 | 6.4 Medium |
| PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation. | ||||
| CVE-2021-47912 | 1 Phpsugar | 1 Php Melody | 2026-03-05 | 6.4 Medium |
| PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions. | ||||
| CVE-2021-47911 | 2 Jdwebdesigner, Redefiningtheweb | 2 Affiliate Pro, Affiliate Pro | 2026-03-05 | 5.4 Medium |
| Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests. | ||||
| CVE-2021-47906 | 2 Bloofox, Bloofoxcms | 2 Bloofoxcms, Bloofoxcms | 2026-03-05 | 6.4 Medium |
| BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users' cookies. | ||||
| CVE-2021-47902 | 1 Testa | 1 Online Test Management System | 2026-03-05 | 8.2 High |
| Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'q' search parameter. Attackers can inject malicious SQL code in the search field to extract database information, potentially accessing sensitive user or system data. | ||||
| CVE-2021-47900 | 1 Gilacms | 1 Gila Cms | 2026-03-05 | 9.8 Critical |
| Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system commands by sending crafted requests to the admin endpoint. | ||||
| CVE-2021-47898 | 1 Epson | 1 Usb Display | 2026-03-05 | 7.8 High |
| Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access. | ||||
| CVE-2021-47897 | 1 Peel | 1 Peel Shopping | 2026-03-05 | 7.2 High |
| PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the change_params.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution. | ||||
| CVE-2021-47892 | 1 Peel | 1 Peel Shopping | 2026-03-05 | 7.2 High |
| PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution. | ||||
| CVE-2021-47891 | 2 Unified Intents, Unifiedremote | 2 Unified Remote, Unified Remote | 2026-03-05 | 9.8 Critical |
| Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads. | ||||
| CVE-2021-47888 | 1 Textpattern | 1 Textpattern | 2026-03-05 | 8.8 High |
| Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell command execution payload and execute arbitrary commands by accessing the uploaded file through a specific URL parameter. | ||||
| CVE-2021-47884 | 2 Mitsubishielectric, Oki | 2 Iu Configuration Tool, Configuration Tool | 2026-03-05 | 7.8 High |
| OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject malicious executables and escalate privileges. | ||||