Total CVEs

141,272

Critical Severity

3,795

High Severity

13,729

Last 7 Days

1,898
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 11,961 - 11,980 of 13,424 CVEs
CVE-2025-14554 HIGH - 7.2

The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderform_data' AJAX action in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthent...

Vendor: hayyatapps
Product: Sell BTC – Cryptocurrency Selling Calculator
Published: Jan 31, 2026
Source: NVD
CVE-2026-25156 HIGH - 7.3

HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. (The intended behavior was for only `text/plain`, `application/pdf`...

Vendor: kohler
Product: hotcrp
Published: Jan 30, 2026
Source: NVD
CVE-2020-37057 HIGH - 8.2

Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete datab...

Vendor: sunnygkp10
Product: Online-Exam-System
Published: Jan 30, 2026
Source: NVD
CVE-2020-37053 HIGH - 7.1

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection tech...

Vendor: Naviwebs S.C.
Product: Navigate CMS
Published: Jan 30, 2026
Source: NVD
CVE-2020-37051 HIGH - 8.2

Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumer...

Vendor: sunnygkp10
Product: Online-Exam-System
Published: Jan 30, 2026
Source: NVD
CVE-2020-37049 HIGH - 8.4

Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launching calc.exe through a specially crafted input ...

Vendor: WinFrigate
Product: Frigate 3 Professional
Published: Jan 30, 2026
Source: NVD
CVE-2020-37042 HIGH - 8.4

Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers a buffer overflow, enabling code e...

Vendor: WinFrigate
Product: Frigate 3 Professional
Published: Jan 30, 2026
Source: NVD
CVE-2020-37041 HIGH - 7.5

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /static/css//../...

Vendor: Filigran
Product: OpenCTI
Published: Jan 30, 2026
Source: NVD
CVE-2020-37040 HIGH - 8.4

Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project creation,...

Vendor: Code::Blocks
Product: Code::Blocks
Published: Jan 30, 2026
Source: NVD
CVE-2020-37039 HIGH - 7.5

Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. Attackers can generate a payload of 8000 repeated characters and paste it into the application's command line field to trigger an appl...

Vendor: WinFrigate
Product: Frigate 2
Published: Jan 30, 2026
Source: NVD
CVE-2020-37038 HIGH - 7.5

Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigger an application crash.

Vendor: Code::Blocks
Product: Code::Blocks
Published: Jan 30, 2026
Source: NVD
CVE-2020-37036 HIGH - 8.4

RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like la...

Vendor: Mini-stream Software
Product: RM Downloader
Published: Jan 30, 2026
Source: NVD
CVE-2020-37035 HIGH - 8.2

e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access se...

Vendor: amitkolloldey
Product: e-learning PHP Script
Published: Jan 30, 2026
Source: NVD
CVE-2020-37034 HIGH - 7.5

HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system files.

Vendor: HELLOWEB
Product: HelloWeb
Published: Jan 30, 2026
Source: NVD
CVE-2020-37033 HIGH - 8.2

Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usr_name' parameter to potent...

Vendor: Insite Software
Product: Infor Storefront B2B
Published: Jan 30, 2026
Source: NVD
CVE-2020-37032 HIGH - 8.8

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the os.execut...

Vendor: Wing FTP Server
Product: Wing FTP Server
Published: Jan 30, 2026
Source: NVD
CVE-2020-37031 HIGH - 8.4

Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. Attackers can craft a malicious payload with 268 bytes to trigger code execution, bypassing DEP and overwriti...

Vendor: Ashkon Software
Product: Simple Startup Manager
Published: Jan 30, 2026
Source: NVD
CVE-2020-37029 HIGH - 8.4

FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite and execute system co...

Vendor: K.soft
Product: FTPDummy
Published: Jan 30, 2026
Source: NVD
CVE-2020-37028 HIGH - 8.4

Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the output folder field to trigger a stack-based ...

Vendor: SOCUSOFT
Product: Photo to Video Converter Professional
Published: Jan 30, 2026
Source: NVD
CVE-2020-37025 HIGH - 8.4

Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. Attackers can craft a malicious payload with an egg tag and overwrite SEH handlers to potentially execute shellcode on vulnerabl...

Vendor: iForwarder and upRedSun Technologies, LLC.
Product: Port Forwarding Wizard
Published: Jan 30, 2026
Source: NVD