Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,844
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 12,201 - 12,220 of 13,433 CVEs
CVE-2020-36959 HIGH - 7.8

IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the STacSV service to inject malicious code that would execute with LocalSystem account pe...

Vendor: IDT
Product: IDT PC Audio
Published: Jan 26, 2026
Source: NVD
CVE-2020-36958 HIGH - 7.8

Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Kite\KiteService.exe' to inject malicious executables and es...

Vendor: Kite
Product: Kite
Published: Jan 26, 2026
Source: NVD
CVE-2020-36957 HIGH - 7.8

PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.

Vendor: Pdf-Complete
Product: PDF Complete
Published: Jan 26, 2026
Source: NVD
CVE-2020-36953 HIGH - 7.8

MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject malicious executab...

Vendor: Minitool
Product: MiniTool ShadowMaker
Published: Jan 26, 2026
Source: NVD
CVE-2025-67274 HIGH - 7.5

An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, portfolio-item-service data retrieval module endpoints

Published: Jan 26, 2026
Source: NVD
CVE-2020-36952 HIGH - 7.8

IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would execute with SYSTEM-level...

Vendor: Iobit
Product: IObit Uninstaller
Published: Jan 26, 2026
Source: NVD
CVE-2026-1284 HIGH - 7.8

An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS 2025 through Release SOLIDWORKS 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.

Published: Jan 26, 2026
Source: NVD
CVE-2026-1283 HIGH - 7.8

A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS 2025 through Release SOLIDWORKS 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.

Published: Jan 26, 2026
Source: NVD
CVE-2025-59106 HIGH - 8.8

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands wi...

Vendor: dormakaba
Product: Access Manager 92xx-k7
Published: Jan 26, 2026
Source: NVD
CVE-2025-27821 HIGH - 7.3

Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Vendor: Apache Software Foundation
Product: HDFS native client
Published: Jan 26, 2026
Source: NVD
CVE-2026-1428 HIGH - 8.8

Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

Published: Jan 26, 2026
Source: NVD
CVE-2026-1427 HIGH - 8.8

Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

Published: Jan 26, 2026
Source: NVD
CVE-2026-1422 HIGH - 7.3

A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a manipulation of the argument User results in sql injection. The attack is possible to be carried out r...

Vendor: fabian
Product: online_examination_system
Published: Jan 26, 2026
Source: NVD
CVE-2025-14316 HIGH - 7.1

The AhaChat Messenger Marketing WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Vendor: Unknown
Product: AhaChat Messenger Marketing
Published: Jan 26, 2026
Source: NVD
CVE-2026-1420 HIGH - 8.8

A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Vendor: tenda
Product: ac23_firmware
Published: Jan 26, 2026
Source: NVD
CVE-2026-1412 HIGH - 7.3

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/get_clip_img of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command inj...

Vendor: sangfor
Product: operation_and_maintenance_security_management_system
Published: Jan 26, 2026
Source: NVD
CVE-2020-36937 HIGH - 7.8

Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem privil...

Vendor: Microvirt
Product: MEMU PLAY
Published: Jan 25, 2026
Source: NVD
CVE-2020-36936 HIGH - 7.8

Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to inject malicious executables and gain elevated system privileges by placing a malicious file in the service path.

Vendor: Magic Utilities
Product: Magic Mouse 2 utilities
Published: Jan 25, 2026
Source: NVD
CVE-2020-36935 HIGH - 7.8

KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\KMSpico\Service_KMS.exe to inject malicious executables and esca...

Vendor: KMSpico
Product: Service KMSELDI
Published: Jan 25, 2026
Source: NVD
CVE-2020-36934 HIGH - 7.8

Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepNetworkService.exe to inject mali...

Vendor: Deepinstinct
Product: Deep Instinct Windows Agent
Published: Jan 25, 2026
Source: NVD