Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,850
Quick preset (or use dates below)
Clear Filters
Showing 12,461 - 12,480 of 14,217 CVEs
CVE-2020-37035 HIGH - 8.2

e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access se...

Vendor: amitkolloldey
Product: e-learning PHP Script
Published: Jan 30, 2026
Source: NVD
CVE-2020-37034 HIGH - 7.5

HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system files.

Vendor: HELLOWEB
Product: HelloWeb
Published: Jan 30, 2026
Source: NVD
CVE-2020-37033 HIGH - 8.2

Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usr_name' parameter to potent...

Vendor: Insite Software
Product: Infor Storefront B2B
Published: Jan 30, 2026
Source: NVD
CVE-2020-37032 HIGH - 8.8

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the os.execut...

Vendor: Wing FTP Server
Product: Wing FTP Server
Published: Jan 30, 2026
Source: NVD
CVE-2020-37031 HIGH - 8.4

Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. Attackers can craft a malicious payload with 268 bytes to trigger code execution, bypassing DEP and overwriti...

Vendor: Ashkon Software
Product: Simple Startup Manager
Published: Jan 30, 2026
Source: NVD
CVE-2020-37029 HIGH - 8.4

FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite and execute system co...

Vendor: K.soft
Product: FTPDummy
Published: Jan 30, 2026
Source: NVD
CVE-2020-37028 HIGH - 8.4

Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the output folder field to trigger a stack-based ...

Vendor: SOCUSOFT
Product: Photo to Video Converter Professional
Published: Jan 30, 2026
Source: NVD
CVE-2020-37025 HIGH - 8.4

Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. Attackers can craft a malicious payload with an egg tag and overwrite SEH handlers to potentially execute shellcode on vulnerabl...

Vendor: iForwarder and upRedSun Technologies, LLC.
Product: Port Forwarding Wizard
Published: Jan 30, 2026
Source: NVD
CVE-2020-37024 HIGH - 8.4

Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the License Code field to trigger a stack-based buffer overflow and execute ...

Vendor: Nidesoft Studio
Product: Nidesoft DVD Ripper
Published: Jan 30, 2026
Source: NVD
CVE-2020-37023 HIGH - 8.8

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy and ...

Vendor: Koken
Product: Koken CMS
Published: Jan 30, 2026
Source: NVD
CVE-2026-25153 HIGH - 7.7

Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with `runIn: local`, a malicious actor who ...

Vendor: backstage
Product: backstage
Published: Jan 30, 2026
Source: NVD
CVE-2025-36384 HIGH - 8.4

IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36184 HIGH - 7.2

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-69662 HIGH - 8.6

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.

Vendor: pip
Product: geopandas
Published: Jan 30, 2026
Source: NVD
CVE-2025-62348 HIGH - 7.8

Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.

Vendor: Salt Project
Product: Salt
Published: Jan 30, 2026
Source: NVD
CVE-2026-1701 HIGH - 7.3

A security vulnerability has been detected in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /enrollment/index.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disc...

Published: Jan 30, 2026
Source: NVD
CVE-2026-1689 HIGH - 7.3

A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be laun...

Published: Jan 30, 2026
Source: NVD
CVE-2020-37060 HIGH - 7.8

Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit the unquoted service path by placing a malicious executable named 'Program.exe' to gain pers...

Vendor: Drive-Software
Product: Atomic Alarm Clock x86
Published: Jan 30, 2026
Source: NVD
CVE-2020-37059 HIGH - 7.8

Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files (x86) or system root directories to be executed with SYSTEM-level perm...

Vendor: Getpopcorntime
Product: Popcorn Time
Published: Jan 30, 2026
Source: NVD
CVE-2020-37058 HIGH - 7.8

Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that will execute with elevated LocalSystem privileges during service startup.

Vendor: Andrea Electronics
Product: Andrea ST Filters Service
Published: Jan 30, 2026
Source: NVD