Export limit exceeded: 80263 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80263 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-37084 | 1 Arox | 1 School Erp Pro | 2026-03-05 | 7.2 High |
| School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the server. | ||||
| CVE-2020-37053 | 1 Naviwebs | 1 Navigate Cms | 2026-03-05 | 7.1 High |
| Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts. | ||||
| CVE-2020-37041 | 2 Citeum, Opencti-platform | 2 Opencti, Opencti | 2026-03-05 | 7.5 High |
| OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /static/css//../../../../../../../../etc/passwd returns the contents of /etc/passwd. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10. | ||||
| CVE-2020-37032 | 1 Wftpserver | 1 Wing Ftp Server | 2026-03-05 | 8.8 High |
| Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the os.execute() function. | ||||
| CVE-2020-36972 | 1 Smartdatasoft | 1 Smartblog | 2026-03-05 | 8.2 High |
| SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare character-by-character of database information. | ||||
| CVE-2020-36969 | 1 Tildeslash | 2 M\/monit, Monit | 2026-03-05 | 8.8 High |
| M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account. | ||||
| CVE-2020-36947 | 1 Librenms | 1 Librenms | 2026-03-05 | 7.1 High |
| LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection. | ||||
| CVE-2020-36930 | 1 Flexense | 1 Sysgauge | 2026-03-05 | 7.8 High |
| SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\SysGauge Server\bin\sysgaus.exe' to inject malicious executables and escalate privileges. | ||||
| CVE-2020-36927 | 1 Flexense | 1 Diskpulse | 2026-03-05 | 7.8 High |
| DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe' to inject malicious executables and escalate privileges. | ||||
| CVE-2019-25395 | 1 Smoothwall | 2 Smoothwall, Smoothwall Express | 2026-03-05 | 7.2 High |
| Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the preferences.cgi script that allow attackers to inject malicious scripts through the HOSTNAME, KEYMAP, and OPENNESS parameters. Attackers can submit POST requests with script payloads to preferences.cgi to store malicious code that executes in the browsers of users accessing the preferences page. | ||||
| CVE-2019-25394 | 1 Smoothwall | 2 Smoothwall, Smoothwall Express | 2026-03-05 | 7.2 High |
| Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKER_ON, SPEAKER_OFF, TONE_DIAL, and PULSE_DIAL to execute arbitrary JavaScript in users' browsers when the stored data is retrieved. | ||||
| CVE-2019-25379 | 1 Smoothwall | 2 Smoothwall, Smoothwall Express | 2026-03-05 | 7.2 High |
| Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECT_PAGE or CHILDREN parameters to execute arbitrary JavaScript in user browsers. | ||||
| CVE-2019-25355 | 1 Genivia | 1 Gsoap | 2026-03-05 | 7.5 High |
| gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal sequences. | ||||
| CVE-2019-25344 | 1 Wondershare | 2 Mobilego, Mobiletrans | 2026-03-05 | 7.8 High |
| Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group with full system access. | ||||
| CVE-2019-25340 | 1 Nsasoft | 2 Nsauditor Spotauditor, Spotauditor | 2026-03-05 | 7.5 High |
| SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted into the Base64 Encrypted Password field. | ||||
| CVE-2019-25336 | 1 Nsasoft | 2 Nsauditor Spotauditor, Spotauditor | 2026-03-05 | 8.4 High |
| SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception Handler (SEH) overwrite and execute shellcode on the vulnerable system. | ||||
| CVE-2019-25308 | 2 Litemanager Team, Mikogo | 2 Mikogo, Mikogo | 2026-03-05 | 7.8 High |
| Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations. | ||||
| CVE-2019-25267 | 1 Wftpserver | 1 Wing Ftp Server | 2026-03-05 | 7.8 High |
| Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions. | ||||
| CVE-2019-25261 | 1 Anydesk | 1 Anydesk | 2026-03-05 | 7.8 High |
| AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining elevated system privileges. | ||||
| CVE-2025-63909 | 1 Cohesity | 2 Tranzman, Tranzman Migration Appliance | 2026-03-05 | 7.2 High |
| Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files. | ||||