Export limit exceeded: 334948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-37040 | 1 Codeblocks | 1 Code::blocks | 2026-02-03 | 8.4 High |
| Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project creation, potentially executing system commands like calc.exe. | ||||
| CVE-2020-37042 | 2 Frigate3, Winfrigate | 2 Frigate Professional, Frigate 3 | 2026-02-03 | 8.4 High |
| Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers a buffer overflow, enabling code execution and launching calculator as a proof of concept. | ||||
| CVE-2020-37043 | 1 10-strike | 1 Bandwidth Monitor | 2026-02-03 | 9.8 Critical |
| 10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the vulnerability by sending a malicious payload to the application's registration key input, enabling remote code execution and launching arbitrary system commands. | ||||
| CVE-2020-37045 | 1 Veritas | 1 Netbackup | 2026-02-03 | 7.8 High |
| Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject malicious code that would execute with elevated LocalSystem privileges. | ||||
| CVE-2020-37046 | 1 Adikiss | 1 Sistem Informasi Pengumuman Kelulusan Online | 2026-02-03 | 5.3 Medium |
| Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative accounts without the victim's consent. | ||||
| CVE-2020-37047 | 1 Deepinstinct | 1 Windows Agent | 2026-02-03 | 7.8 High |
| Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicious code that would execute with LocalSystem permissions during service startup. | ||||
| CVE-2020-37048 | 1 Iskysoft | 1 Application Framework Service | 2026-02-03 | 7.8 High |
| Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would be run with the service's high-level system permissions. | ||||
| CVE-2020-37049 | 2 Frigate3, Winfrigate | 2 Frigate Professional, Frigate 3 | 2026-02-03 | 8.4 High |
| Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launching calc.exe through a specially crafted input sequence. | ||||
| CVE-2020-37050 | 1 M.j.m | 1 Quick Player | 2026-02-03 | 9.8 Critical |
| Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious .m3l file with carefully constructed payload. Attackers can trigger the vulnerability by loading a specially crafted file through the application's file loading mechanism, potentially enabling remote code execution. | ||||
| CVE-2020-37051 | 1 Sunnygkp10 | 1 Online-exam-system | 2026-02-03 | 8.2 High |
| Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate user password characters. | ||||
| CVE-2020-37055 | 1 Enigmasoftware | 1 Spyhunter | 2026-02-03 | 7.8 High |
| SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access during service startup. | ||||
| CVE-2020-37056 | 1 Crystal Shard | 1 Http-protection | 2026-02-03 | 9.8 Critical |
| Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and gain unauthorized access. | ||||
| CVE-2020-37057 | 1 Sunnygkp10 | 1 Online-exam-system | 2026-02-03 | 8.2 High |
| Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information. | ||||
| CVE-2020-37061 | 1 Weird Solutions | 1 Bootpturbo | 2026-02-03 | 7.8 High |
| BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions. | ||||
| CVE-2020-37062 | 1 Weird Solutions | 1 Dhcp Turbo | 2026-02-03 | 7.8 High |
| DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts. | ||||
| CVE-2020-37063 | 1 Weird Solutions | 1 Tftp Turbo | 2026-02-03 | 7.8 High |
| TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions. | ||||
| CVE-2020-37064 | 1 Epson | 1 Easymp | 2026-02-03 | 7.8 High |
| EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject malicious code that would execute with LocalSystem privileges. | ||||
| CVE-2021-47856 | 1 Netart Media | 1 Easy Cart Shopping Cart | 2026-02-03 | 6.4 Medium |
| Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search input to compromise user sessions and manipulate application content. | ||||
| CVE-2021-47885 | 2 Authorize.net, Criticalgears | 3 Payment Terminal, Paypal Pro Payment Terminal, Stripe Payment Terminal | 2026-02-03 | 6.4 Medium |
| Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and potentially execute session hijacking or phishing attacks. | ||||
| CVE-2021-47908 | 1 Thewebfosters | 1 Ultimate Pos | 2026-02-03 | 6.4 Medium |
| Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability through product add or edit functions to execute arbitrary JavaScript and potentially hijack user sessions. | ||||