Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,646
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 12,861 - 12,880 of 13,594 CVEs
CVE-2021-47847 HIGH - 7.8

Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject maliciou...

Vendor: Disksorter
Product: Disk Sorter Server
Published: Jan 16, 2026
Source: NVD
CVE-2021-47845 HIGH - 7.8

Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted file paths in SpyEmergencyHealth.exe and SpyEmergencySrv.exe to inject malicious code ...

Vendor: Spy-Emergency
Product: Spy Emergency
Published: Jan 16, 2026
Source: NVD
CVE-2021-47842 HIGH - 7.2

StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution...

Vendor: jotron
Product: StudyMD
Published: Jan 16, 2026
Source: NVD
CVE-2021-47840 HIGH - 7.2

Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on the ...

Vendor: Moeditor
Product: Moeditor
Published: Jan 16, 2026
Source: NVD
CVE-2021-47839 HIGH - 7.2

Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution.

Vendor: vesparny
Product: Marky
Published: Jan 16, 2026
Source: NVD
CVE-2021-47838 HIGH - 7.2

Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embed malicious payloads in markdown files. Attackers can upload specially crafted markdown files that execute arbitrary JavaScript when opened, potentially enabling remote code execution on the victim�...

Vendor: dvcrn
Product: Markright
Published: Jan 16, 2026
Source: NVD
CVE-2021-47837 HIGH - 7.2

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution.

Vendor: amitmerchant1990
Product: Markdownify
Published: Jan 16, 2026
Source: NVD
CVE-2021-47835 HIGH - 7.2

Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remote c...

Vendor: Freeter
Product: Freeter
Published: Jan 16, 2026
Source: NVD
CVE-2021-47833 HIGH - 7.8

WifiHotSpot 1.0.0.0 contains an unquoted service path vulnerability in its WifiHotSpotService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem per...

Vendor: Gearboxcomputers
Product: WifiHotSpot
Published: Jan 16, 2026
Source: NVD
CVE-2021-47831 HIGH - 7.5

Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash.

Vendor: Sandboxie-Plus
Product: Sandboxie
Published: Jan 16, 2026
Source: NVD
CVE-2021-47829 HIGH - 7.8

DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerability in its service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files\DHCP Broadband 4\dhcpt.exe' to inject malicious code tha...

Vendor: Weird-Solutions
Product: DHCP Broadband
Published: Jan 16, 2026
Source: NVD
CVE-2021-47828 HIGH - 7.8

BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem privileges during system startup or reboot.

Vendor: Weird-Solutions
Product: BOOTP Turbo
Published: Jan 16, 2026
Source: NVD
CVE-2021-47827 HIGH - 7.5

WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input fi...

Vendor: WebSSH
Product: WebSSH for iOS
Published: Jan 16, 2026
Source: NVD
CVE-2021-47826 HIGH - 7.8

Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI IScheduleSvc service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\NTI\Acer Backup Manager\ to inject malicious executables that ...

Vendor: Acer
Product: Acer Backup Manager Module
Published: Jan 16, 2026
Source: NVD
CVE-2021-47825 HIGH - 7.8

Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files\Acer\Acer Updater\ to inject malicious executables that will run with LocalSystem permi...

Vendor: Acer
Product: Acer Updater Service
Published: Jan 16, 2026
Source: NVD
CVE-2021-47824 HIGH - 7.5

iDailyDiary 4.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the preferences tab name field. Attackers can paste a 2,000,000 character buffer into the default diary tab name to trigger an application crash.

Vendor: Splinterware
Product: iDailyDiary
Published: Jan 16, 2026
Source: NVD
CVE-2021-47823 HIGH - 7.8

Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions...

Vendor: Acer
Product: ePowerSvc
Published: Jan 16, 2026
Source: NVD
CVE-2021-47822 HIGH - 7.8

DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path locations to gain system-level ac...

Vendor: Diskboss
Product: DiskBoss Service
Published: Jan 16, 2026
Source: NVD
CVE-2021-47821 HIGH - 7.5

RarmaRadio 2.72.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing network configuration fields with large character buffers. Attackers can generate a 100,000 character buffer and paste it into multiple network settings fields to trigger applic...

Vendor: Raimersoft
Product: RarmaRadio
Published: Jan 16, 2026
Source: NVD
CVE-2021-47818 HIGH - 7.5

DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10.

Vendor: dupterminator
Product: DupTerminator
Published: Jan 16, 2026
Source: NVD