Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,659
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 12,541 - 12,560 of 13,433 CVEs
CVE-2021-47879 HIGH - 7.8

eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Luidia\eBeam Stylus Driver\ to inject malicio...

Vendor: Luidia
Product: eBeam Interactive Suite
Published: Jan 21, 2026
Source: NVD
CVE-2021-47878 HIGH - 7.8

eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute wit...

Vendor: Luidia
Product: eBeam Education Suite
Published: Jan 21, 2026
Source: NVD
CVE-2021-47877 HIGH - 7.5

GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. Attackers can generate a payload of 8000 repeated characters to overwhelm the input field and cause the application to become unresponsiv...

Vendor: GeoGebra
Product: GeoGebra Graphing Calculato‪r‬
Published: Jan 21, 2026
Source: NVD
CVE-2021-47876 HIGH - 7.5

GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. Attackers can generate a large buffer of 800,000 repeated characters and paste it into the 'Entrada:' input field t...

Vendor: GeoGebra
Product: GeoGebra Classic
Published: Jan 21, 2026
Source: NVD
CVE-2021-47874 HIGH - 7.8

VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem priv...

Vendor: Vfsforgit
Product: VFS for Git
Published: Jan 21, 2026
Source: NVD
CVE-2021-47873 HIGH - 7.2

VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'v_interface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS...

Vendor: VestaCP
Product: VestaCP
Published: Jan 21, 2026
Source: NVD
CVE-2021-47872 HIGH - 7.1

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information...

Vendor: SEO Panel
Product: SEO Panel
Published: Jan 21, 2026
Source: NVD
CVE-2021-47871 HIGH - 8.8

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the ser...

Vendor: Hestia Control Panel
Product: Hestia Control Panel
Published: Jan 21, 2026
Source: NVD
CVE-2021-47869 HIGH - 7.8

Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files (x86)\Brother\ directory to gain ...

Vendor: Brother Industries, Ltd.
Product: BRAdmin Professional
Published: Jan 21, 2026
Source: NVD
CVE-2021-47868 HIGH - 7.8

WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WPCommandFileService Service.exe to inject mali...

Vendor: Honeywell
Product: WIN-PACK PRO
Published: Jan 21, 2026
Source: NVD
CVE-2021-47867 HIGH - 7.8

WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files <x86>\WINPAKPRO\ScheduleService Service.exe' to inj...

Vendor: Security
Product: Winpakpro
Published: Jan 21, 2026
Source: NVD
CVE-2021-47866 HIGH - 7.8

WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WP GuardTour Service.exe to inject malicious...

Vendor: Honeywell
Product: WIN-PACK PRO
Published: Jan 21, 2026
Source: NVD
CVE-2021-47865 HIGH - 7.5

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.

Vendor: ProFTPD
Product: ProFTPD
Published: Jan 21, 2026
Source: NVD
CVE-2021-47864 HIGH - 7.8

OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path, potentially gaining...

Vendor: OSAS
Product: OSAS Traverse Extension
Published: Jan 21, 2026
Source: NVD
CVE-2021-47863 HIGH - 7.8

MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate privileges...

Vendor: MacPaw Way Ltd.
Product: Encrypto
Published: Jan 21, 2026
Source: NVD
CVE-2021-47862 HIGH - 7.8

Hi-Rez Studios 5.1.6.3 contains an unquoted service path vulnerability in the HiPatchService that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissi...

Vendor: HI-REZ STUDIOS
Product: HiPatchService
Published: Jan 21, 2026
Source: NVD
CVE-2021-47861 HIGH - 7.8

Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations that will be exec...

Vendor: FSPro Labs
Product: Event Log Explorer
Published: Jan 21, 2026
Source: NVD
CVE-2021-47859 HIGH - 7.8

ActivIdentity 8.2 contains an unquoted service path vulnerability in the ac.sharedstore service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\Common Files\ActivIdentity\ to inject malicious executables and escala...

Vendor: HID Global
Product: ActivIdentity
Published: Jan 21, 2026
Source: NVD
CVE-2021-47858 HIGH - 7.2

Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'start_addr' parameter of the Security Management interface. Attackers can inject malicious scripts through the start source address field that will persist and trigger for privileged users whe...

Vendor: Genexis
Product: Platinum-4410
Published: Jan 21, 2026
Source: NVD
CVE-2021-47857 HIGH - 7.2

Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the even...

Vendor: Moodle
Product: Moodle
Published: Jan 21, 2026
Source: NVD