Export limit exceeded: 349895 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 80247 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80247 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-50901 | 1 Wondershare | 1 Dr.fone | 2026-03-05 | 8.4 High |
| Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that would run with LocalSystem privileges. | ||||
| CVE-2022-50900 | 1 Wondershare | 1 Dr.fone | 2026-03-05 | 8.4 High |
| Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup. | ||||
| CVE-2021-47918 | 2 Simple-cms Project, Simplephpscripts | 3 Simple Cms, Simple Cms, Simple Cms Php | 2026-03-05 | 8.1 High |
| Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application. | ||||
| CVE-2021-47915 | 1 Phpsugar | 1 Php Melody | 2026-03-05 | 8.1 High |
| PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system. | ||||
| CVE-2021-47814 | 2 Nsasoft, Nsauditor | 2 Nbmonitor, Nbmonitor | 2026-03-05 | 7.5 High |
| NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer into the registration key field to trigger an application crash and potential system instability. | ||||
| CVE-2021-47810 | 1 Wibu | 1 Wibukey | 2026-03-05 | 7.8 High |
| WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and escalate privileges. | ||||
| CVE-2021-47809 | 2 Disksorter, Flexense | 2 Disk Sorter, Disk Sorter | 2026-03-05 | 7.8 High |
| Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Enterprise\bin\disksrs.exe' to inject malicious executables and escalate privileges. | ||||
| CVE-2021-47805 | 2 Disksavvy, Flexense | 3 Disk Savvy, Disksavvy Enterprise, Disksavvy | 2026-03-05 | 7.8 High |
| Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated LocalSystem privileges. | ||||
| CVE-2021-47794 | 2 Zesle, Zeslecp | 2 Zeslecp, Zeslecp | 2026-03-05 | 8.8 High |
| ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command that establishes a network connection to a specified listening host. | ||||
| CVE-2021-47793 | 2 Telegram, Telegram Desktop | 3 Telegram, Telegram Desktop, Telegram Desktop | 2026-03-05 | 7.5 High |
| Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attackers can generate a 9 million byte buffer and paste it into the messaging interface to trigger an application crash. | ||||
| CVE-2021-47788 | 1 Websitebaker | 1 Websitebaker | 2026-03-05 | 8.8 High |
| WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code execution on the server. | ||||
| CVE-2021-47780 | 2 Macro-expert, Macroexpert | 2 Macro Expert, Macroexpert | 2026-03-05 | 7.8 High |
| Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly configured service path to inject malicious executables that will be run with LocalSystem permissions during service startup. | ||||
| CVE-2021-47758 | 1 Chikitsa | 1 Patient Management System | 2026-03-05 | 8.8 High |
| Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables arbitrary command execution on the server through a weaponized PHP script. | ||||
| CVE-2021-47757 | 1 Chikitsa | 1 Patient Management System | 2026-03-05 | 8.8 High |
| Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability in the backup restoration functionality. Authenticated attackers can upload a modified backup zip file with a malicious PHP shell to execute arbitrary system commands on the server. | ||||
| CVE-2020-37199 | 2 Nsasoft, Nsauditor | 2 Nbmonitor, Nbmonitor | 2026-03-05 | 7.5 High |
| NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. | ||||
| CVE-2020-37150 | 1 Edimax | 2 Ew-7438rpn Mini, Ew-7438rpn Mini Firmware | 2026-03-05 | 7.5 High |
| Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without authentication. | ||||
| CVE-2020-37149 | 1 Edimax | 2 Ew-7438rpn Mini, Ew-7438rpn Mini Firmware | 2026-03-05 | 8.1 High |
| Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's privileges. | ||||
| CVE-2020-37117 | 1 Jizhicms | 1 Jizhicms | 2026-03-05 | 8.8 High |
| jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger unauthorized file downloads. | ||||
| CVE-2020-37112 | 2 Gunet, Openeclass | 2 Open Eclass Platform, Openeclass | 2026-03-05 | 7.1 High |
| GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques. | ||||
| CVE-2020-37110 | 3 60cyclecms Project, Davidvg, Opensourcecms | 3 60cyclecms, 60cyclecms, 60cyclecms | 2026-03-05 | 8.2 High |
| 60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modify database contents. This issue does not involve cross-site scripting. | ||||