Export limit exceeded: 78872 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (78872 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10313 | 1 Spidercontrol | 1 Scada Pc Hmi Editor | 2026-04-15 | 8 High |
| iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversal vulnerability. When the software loads a malicious ‘ems' project template file constructed by an attacker, it can write files to arbitrary directories. This can lead to overwriting system files, causing system paralysis, or writing to startup items, resulting in remote control. | ||||
| CVE-2020-37098 | 1 Disksorter | 1 Disk Sorter | 2026-04-15 | 7.8 High |
| Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions. | ||||
| CVE-2020-37146 | 1 Ace Security | 1 Aptina Ar0130 960p 1.3mp Camera | 2026-04-15 | 7.5 High |
| ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /config_backup.bin endpoint, exposing credentials and system settings. | ||||
| CVE-2020-37092 | 1 Netis-systems | 1 Netis E1+ | 2026-04-15 | 7.5 High |
| Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device. | ||||
| CVE-2020-37085 | 1 Sunnysidesoft | 1 Virtualtablet Server | 2026-04-15 | 7.5 High |
| VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the send_say() method, causing the server to become unresponsive. | ||||
| CVE-2020-37163 | 1 Quickdate | 1 Quickdate | 2026-04-15 | 8.2 High |
| QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject UNION-based SQL statements to extract database information including user credentials, database name, and system version. | ||||
| CVE-2020-37177 | 1 Weird Solutions | 1 Bootpturbo | 2026-04-15 | 7.5 High |
| BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash and corrupt the SEH chain. | ||||
| CVE-2020-37179 | 1 Nsasoft | 1 Nsauditor Apkf Product Key Finder | 2026-04-15 | 7.5 High |
| APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash. | ||||
| CVE-2024-10238 | 2026-04-15 | 7.2 High | ||
| A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow is caused by not checking fld->used_bytes. | ||||
| CVE-2020-37060 | 1 Drive-software | 1 Atomic Alarm Clock X86 | 2026-04-15 | 7.8 High |
| Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit the unquoted service path by placing a malicious executable named 'Program.exe' to gain persistent system-level access. | ||||
| CVE-2020-37058 | 1 Andrea Electronics | 1 Andrea St Filters Service | 2026-04-15 | 7.8 High |
| Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that will execute with elevated LocalSystem privileges during service startup. | ||||
| CVE-2020-37045 | 1 Veritas | 2 Netbackup, Netbackup Firmware | 2026-04-15 | 7.8 High |
| Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject malicious code that would execute with elevated LocalSystem privileges. | ||||
| CVE-2020-37189 | 1 Digitalvolcano Software | 1 Taskcanvas | 2026-04-15 | 7.5 High |
| TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash. | ||||
| CVE-2020-37194 | 1 Nsasoft | 1 Nsauditor Backup Key Recovery Recover Keys Crashed Hard Disk Drive | 2026-04-15 | 7.5 High |
| Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to trigger an application crash. | ||||
| CVE-2020-37042 | 3 Frigate, Frigate3, Winfrigate | 3 Frigate, Frigate Professional, Frigate 3 | 2026-04-15 | 8.4 High |
| Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers a buffer overflow, enabling code execution and launching calculator as a proof of concept. | ||||
| CVE-2020-36839 | 2026-04-15 | 8.3 High | ||
| The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions, such as adding pages to the site and/or replacing site content with malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2019-25285 | 1 Alps | 1 Pointing-device Controller | 2026-04-15 | 7.8 High |
| Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the service restarts or the system reboots. | ||||
| CVE-2019-25283 | 1 Shrew | 1 Vpn Client | 2026-04-15 | 7.8 High |
| Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables in the unquoted service path to gain elevated access during service startup or system reboot. | ||||
| CVE-2024-35780 | 2026-04-15 | 8.5 High | ||
| Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.42. | ||||
| CVE-2019-25281 | 1 Ncp-e | 1 Ncp Secure Entry Client | 2026-04-15 | 7.8 High |
| NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that would execute with LocalSystem privileges during service startup. | ||||