Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,850
Quick preset (or use dates below)
Clear Filters
Showing 12,441 - 12,460 of 14,217 CVEs
CVE-2020-37048 HIGH - 7.8

Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would be ...

Vendor: Iskysoft
Product: Iskysoft Application Framework Service
Published: Feb 01, 2026
Source: NVD
CVE-2020-37047 HIGH - 7.8

Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicious ...

Vendor: Deepinstinct
Product: Deep Instinct Windows Agent
Published: Feb 01, 2026
Source: NVD
CVE-2020-37045 HIGH - 7.8

Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject malicious code that would ...

Vendor: Veritas
Product: NetBackup
Published: Feb 01, 2026
Source: NVD
CVE-2020-37037 HIGH - 7.8

Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account pe...

Vendor: Avast
Product: AVAST SecureLine
Published: Feb 01, 2026
Source: NVD
CVE-2021-47918 HIGH - 8.1

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.

Vendor: Simplephpscripts
Product: Simple CMS
Published: Feb 01, 2026
Source: NVD
CVE-2021-47916 HIGH - 8.1

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.

Vendor: Simplephpscripts
Product: Simple CMS
Published: Feb 01, 2026
Source: NVD
CVE-2021-47915 HIGH - 8.1

PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...

Vendor: PHPSUGAR
Product: PHP Melody
Published: Feb 01, 2026
Source: NVD
CVE-2021-47909 HIGH - 8.1

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system.

Vendor: Techraft
Product: Digital Multivendor Marketplace Online Store
Published: Feb 01, 2026
Source: NVD
CVE-2025-14554 HIGH - 7.2

The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderform_data' AJAX action in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthent...

Vendor: hayyatapps
Product: Sell BTC – Cryptocurrency Selling Calculator
Published: Jan 31, 2026
Source: NVD
CVE-2026-25156 HIGH - 7.3

HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. (The intended behavior was for only `text/plain`, `application/pdf`...

Vendor: kohler
Product: hotcrp
Published: Jan 30, 2026
Source: NVD
CVE-2020-37057 HIGH - 8.2

Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete datab...

Vendor: sunnygkp10
Product: Online-Exam-System
Published: Jan 30, 2026
Source: NVD
CVE-2020-37053 HIGH - 7.1

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection tech...

Vendor: Naviwebs S.C.
Product: Navigate CMS
Published: Jan 30, 2026
Source: NVD
CVE-2020-37051 HIGH - 8.2

Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumer...

Vendor: sunnygkp10
Product: Online-Exam-System
Published: Jan 30, 2026
Source: NVD
CVE-2020-37049 HIGH - 8.4

Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launching calc.exe through a specially crafted input ...

Vendor: WinFrigate
Product: Frigate 3 Professional
Published: Jan 30, 2026
Source: NVD
CVE-2020-37042 HIGH - 8.4

Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers a buffer overflow, enabling code e...

Vendor: WinFrigate
Product: Frigate 3 Professional
Published: Jan 30, 2026
Source: NVD
CVE-2020-37041 HIGH - 7.5

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /static/css//../...

Vendor: Filigran
Product: OpenCTI
Published: Jan 30, 2026
Source: NVD
CVE-2020-37040 HIGH - 8.4

Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project creation,...

Vendor: Code::Blocks
Product: Code::Blocks
Published: Jan 30, 2026
Source: NVD
CVE-2020-37039 HIGH - 7.5

Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. Attackers can generate a payload of 8000 repeated characters and paste it into the application's command line field to trigger an appl...

Vendor: WinFrigate
Product: Frigate 2
Published: Jan 30, 2026
Source: NVD
CVE-2020-37038 HIGH - 7.5

Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigger an application crash.

Vendor: Code::Blocks
Product: Code::Blocks
Published: Jan 30, 2026
Source: NVD
CVE-2020-37036 HIGH - 8.4

RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like la...

Vendor: Mini-stream Software
Product: RM Downloader
Published: Jan 30, 2026
Source: NVD