Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,831
Quick preset (or use dates below)
Clear Filters
Showing 12,521 - 12,540 of 14,217 CVEs
CVE-2020-37021 HIGH - 7.8

10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local attackers to escalate privileges. Attackers can place a malicious executable in specific file path locations to achieve privilege escalation to SYSTEM during service startup.

Vendor: 10-Strike
Product: Bandwidth Monitor
Published: Jan 29, 2026
Source: NVD
CVE-2020-37020 HIGH - 7.8

SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges during...

Vendor: Sonarqube
Product: SonarQube
Published: Jan 29, 2026
Source: NVD
CVE-2020-37017 HIGH - 7.8

CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalS...

Vendor: Wibu
Product: CodeMeter
Published: Jan 29, 2026
Source: NVD
CVE-2020-37016 HIGH - 7.8

BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to execute code with elevated privileges during system startup. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will run with LocalSystem privileges...

Vendor: Barcode-Ocr
Product: BarcodeOCR
Published: Jan 29, 2026
Source: NVD
CVE-2020-37015 HIGH - 7.5

Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with '../' sequences to retrieve system...

Vendor: Ruijienetworks
Product: Ruijie Networks Switch eWeb S29_RGOS
Published: Jan 29, 2026
Source: NVD
CVE-2020-37013 HIGH - 8.4

Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite Structured Exception Handler (SEH) to execute shellcode when pasting specially c...

Vendor: Tucows Inc.
Product: Audio Playback Recorder
Published: Jan 29, 2026
Source: NVD
CVE-2020-37011 HIGH - 7.5

Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to cause an infinite malloc() loop and potentially crash the...

Vendor: GNOME
Product: Fonts Viewer
Published: Jan 29, 2026
Source: NVD
CVE-2020-37009 HIGH - 8.8

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated p...

Vendor: MedDream
Product: MedDream PACS Server
Published: Jan 29, 2026
Source: NVD
CVE-2020-37008 HIGH - 7.5

EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without pr...

Vendor: Elektraweb
Product: EasyPMS
Published: Jan 29, 2026
Source: NVD
CVE-2020-37006 HIGH - 8.2

berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database infor...

Vendor: crm-now GmbH
Product: berliCRM
Published: Jan 29, 2026
Source: NVD
CVE-2020-37005 HIGH - 7.1

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the add_entry.php endpoint to determine user existence by measu...

Vendor: TimeClock Software
Product: TimeClock Software
Published: Jan 29, 2026
Source: NVD
CVE-2020-37004 HIGH - 8.2

Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attackers can exploit the /frontend/get_article_suggestion/ endpoint by crafting malicious search parameters to progre...

Vendor: codexcube
Product: Ultimate Project Manager CRM PRO
Published: Jan 29, 2026
Source: NVD
CVE-2020-37001 HIGH - 8.4

Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler (SEH) ...

Vendor: Frigate3
Product: Frigate Professional
Published: Jan 29, 2026
Source: NVD
CVE-2020-36999 HIGH - 8.2

Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php,...

Vendor: Elaniin
Product: Elaniin CMS
Published: Jan 29, 2026
Source: NVD
CVE-2020-36995 HIGH - 7.5

Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the user configuration input. Attackers can overwrite the 'User' field with 350 bytes of repeated characters to trigger an application crash and prevent n...

Vendor: telnet-lite
Product: Mocha Telnet Lite for iOS
Published: Jan 29, 2026
Source: NVD
CVE-2026-1616 HIGH - 7.5

The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (OSIM) prior v2025.9.0 allows path traversal attacks via query parameters.

Published: Jan 29, 2026
Source: NVD
CVE-2025-7016 HIGH - 8.0

Improper Access Control vulnerability in Akฤฑn Software Computer Import Export Industry and Trade Ltd. QR Menu allows Authentication Abuse.This issue affects QR Menu: before s1.05.12.

Published: Jan 29, 2026
Source: NVD
CVE-2025-14975 HIGH - 8.1

The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account

Vendor: Unknown
Product: Custom Login Page Customizer
Published: Jan 29, 2026
Source: NVD
CVE-2026-1545 HIGH - 7.3

A weakness has been identified in itsourcecode School Management System 1.0. The affected element is an unknown function of the file /course/index.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been made available ...

Vendor: angeljudesuarez
Product: school_management_system
Published: Jan 28, 2026
Source: NVD
CVE-2026-24856 HIGH - 7.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point NaN values are converted to unsigned short integer types during ICC profile XML ...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 28, 2026
Source: NVD