Export limit exceeded: 336619 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336619 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-54343 | 1 Qwe Labs | 1 Qwe Dl | 2026-02-03 | 6.4 Medium |
| QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading to session hijacking and application module manipulation. | ||||
| CVE-2026-1760 | 1 Redhat | 1 Enterprise Linux | 2026-02-03 | 5.3 Medium |
| A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions. | ||||
| CVE-2025-13348 | 1 Asus | 1 Asus Business Manager | 2026-02-03 | N/A |
| An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update for ASUS Business Manager" section on the ASUS Security Advisory for more information. | ||||
| CVE-2022-50951 | 1 Smarterdroid | 1 Wifi File Transfer | 2026-02-03 | 6.4 Medium |
| WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infected file paths, potentially compromising user browser sessions. | ||||
| CVE-2021-47920 | 1 Webmo | 1 Job Manager | 2026-02-03 | 5.4 Medium |
| WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external redirects. | ||||
| CVE-2021-47908 | 1 Thewebfosters | 1 Ultimate Pos | 2026-02-03 | 6.4 Medium |
| Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability through product add or edit functions to execute arbitrary JavaScript and potentially hijack user sessions. | ||||
| CVE-2021-47856 | 1 Netart Media | 1 Easy Cart Shopping Cart | 2026-02-03 | 6.4 Medium |
| Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search input to compromise user sessions and manipulate application content. | ||||
| CVE-2022-50952 | 1 Banco De Guayaquil | 1 Banco Guayaquil | 2026-02-03 | 6.4 Medium |
| Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction. | ||||
| CVE-2022-50950 | 1 Webile | 1 Webile | 2026-02-03 | 6.5 Medium |
| Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system. | ||||
| CVE-2022-50797 | 2 Halfdata, Wordpress | 2 Stripe Green Downloads, Wordpress | 2026-02-03 | 6.4 Medium |
| Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and application module manipulation. | ||||
| CVE-2021-47885 | 2 Authorize.net, Criticalgears | 3 Payment Terminal, Paypal Pro Payment Terminal, Stripe Payment Terminal | 2026-02-03 | 6.4 Medium |
| Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and potentially execute session hijacking or phishing attacks. | ||||
| CVE-2020-37061 | 1 Weird Solutions | 1 Bootpturbo | 2026-02-03 | 7.8 High |
| BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions. | ||||
| CVE-2020-37055 | 1 Enigmasoftware | 1 Spyhunter | 2026-02-03 | 7.8 High |
| SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access during service startup. | ||||
| CVE-2020-37064 | 1 Epson | 1 Easymp | 2026-02-03 | 7.8 High |
| EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject malicious code that would execute with LocalSystem privileges. | ||||
| CVE-2020-37063 | 1 Weird Solutions | 1 Tftp Turbo | 2026-02-03 | 7.8 High |
| TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions. | ||||
| CVE-2020-37062 | 1 Weird Solutions | 1 Dhcp Turbo | 2026-02-03 | 7.8 High |
| DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts. | ||||
| CVE-2020-37034 | 1 Helloweb | 1 Helloweb | 2026-02-03 | 7.5 High |
| HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system files. | ||||
| CVE-2020-37033 | 1 Insite Software | 1 Infor Storefront B2b | 2026-02-03 | 8.2 High |
| Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usr_name' parameter to potentially extract or modify database information. | ||||
| CVE-2020-37036 | 1 Mini-stream | 2 Mini-stream Rm Downloader, Rm Downloader | 2026-02-03 | 8.4 High |
| RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like launching calc.exe. | ||||
| CVE-2020-37038 | 1 Codeblocks | 1 Code::blocks | 2026-02-03 | 7.5 High |
| Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigger an application crash. | ||||