Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,881
Quick preset (or use dates below)
Clear Filters
Showing 12,221 - 12,240 of 14,217 CVEs
CVE-2025-13192 HIGH - 8.2

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL Injection via the multiple REST API endpoints in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied paramet...

Vendor: roxnor
Product: Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
Published: Feb 05, 2026
Source: NVD
CVE-2019-25288 HIGH - 7.8

Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots.

Vendor: Wacom
Product: Wacom WTabletService
Published: Feb 05, 2026
Source: NVD
CVE-2019-25287 HIGH - 7.8

Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Lavasoft\Web Companion\Application\ to...

Vendor: Webcompanion
Product: Adaware Web Companion version
Published: Feb 05, 2026
Source: NVD
CVE-2019-25286 HIGH - 7.8

GCafé 3.0 contains an unquoted service path vulnerability in the gbClientService that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with Loca...

Vendor: Gcafe
Product: _GCafé
Published: Feb 05, 2026
Source: NVD
CVE-2019-25285 HIGH - 7.8

Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the service...

Vendor: Alps
Product: device Controller
Published: Feb 05, 2026
Source: NVD
CVE-2019-25283 HIGH - 7.8

Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables in the unquoted service path to gain elevated access during service startup or system reboot.

Vendor: shrew
Product: Shrew Soft VPN Client
Published: Feb 05, 2026
Source: NVD
CVE-2019-25281 HIGH - 7.8

NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that would...

Vendor: ncp-e
Product: NCP_Secure_Entry_Client
Published: Feb 05, 2026
Source: NVD
CVE-2019-25276 HIGH - 7.8

Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Rockwell Software\FactoryTalk Acti...

Vendor: Rockwellautomation
Product: Studio
Published: Feb 05, 2026
Source: NVD
CVE-2019-25275 HIGH - 7.8

BartVPN 1.2.2 contains an unquoted service path vulnerability in the BartVPNService that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to ...

Vendor: FileHorse
Product: BartVPN
Published: Feb 05, 2026
Source: NVD
CVE-2019-25274 HIGH - 7.8

ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during se...

Vendor: Photodex
Product: ProShow Producer
Published: Feb 05, 2026
Source: NVD
CVE-2019-25273 HIGH - 7.8

Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe' to inject malicious executable...

Vendor: Easy-Hide-Ip
Product: IP
Published: Feb 05, 2026
Source: NVD
CVE-2019-25272 HIGH - 7.8

TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executab...

Vendor: Tenaxsoft
Product: TexasSoft CyberPlanet
Published: Feb 05, 2026
Source: NVD
CVE-2019-25271 HIGH - 7.8

NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations.

Vendor: NETGATE
Product: Data Backup
Published: Feb 05, 2026
Source: NVD
CVE-2019-25269 HIGH - 7.8

Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations.

Vendor: Netgate
Product: Amiti Antivirus
Published: Feb 05, 2026
Source: NVD
CVE-2019-25267 HIGH - 7.8

Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be launched w...

Vendor: Wftpserver
Product: Wing FTP Server
Published: Feb 05, 2026
Source: NVD
CVE-2026-25585 HIGH - 7.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.cpp:5793 when reading through index during ICC profile processing. The malformed ICC profile triggers...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Feb 04, 2026
Source: NVD
CVE-2026-22038 HIGH - 8.1

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...

Vendor: Significant-Gravitas
Product: AutoGPT
Published: Feb 04, 2026
Source: NVD
CVE-2026-25584 HIGH - 7.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIccTagFloatNum<>::GetValues(). This is triggered when processing a malformed...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Feb 04, 2026
Source: NVD
CVE-2026-25583 HIGH - 7.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() when processing malformed ICC profile files via unchecked fread ...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Feb 04, 2026
Source: NVD
CVE-2026-25582 HIGH - 7.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability in CIccIO::WriteUInt16Float() when converting malformed XML to ICC profiles via ...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Feb 04, 2026
Source: NVD