Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,606
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 12,921 - 12,940 of 13,594 CVEs
CVE-2021-47804 HIGH - 7.8

Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges when the service restar...

Vendor: Wisecleaner
Product: Wise Care
Published: Jan 16, 2026
Source: NVD
CVE-2021-47803 HIGH - 7.8

iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attackers to execute code with elevated privileges. Attackers can insert a malicious executable into the unquoted service path to run with LocalSystem privileges when the service restarts...

Vendor: I-Funbox
Product: iFunbox
Published: Jan 16, 2026
Source: NVD
CVE-2021-47801 HIGH - 8.2

Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions...

Vendor: Vianeos
Product: Vianeos OctoPUS
Published: Jan 16, 2026
Source: NVD
CVE-2021-47797 HIGH - 7.5

Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. Attackers can generate a 6000-byte buffer of repeated characters to trigger an application crash when pasted into th...

Vendor: Leawo
Product: Leawo Prof. Media
Published: Jan 16, 2026
Source: NVD
CVE-2021-47794 HIGH - 8.8

ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command that establishes a network connection to a sp...

Vendor: zesle
Product: zeslecp
Published: Jan 16, 2026
Source: NVD
CVE-2021-47793 HIGH - 7.5

Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attackers can generate a 9 million byte buffer and paste it into the messaging interface to trigger an application crash.

Vendor: Telegram
Product: Telegram Desktop
Published: Jan 16, 2026
Source: NVD
CVE-2021-47792 HIGH - 7.8

Remote Mouse 4.002 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the RemoteMouseService to inject malicious executables and gain administrative access.

Vendor: Remotemouse
Product: Remote Mouse
Published: Jan 16, 2026
Source: NVD
CVE-2021-47791 HIGH - 7.5

SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by entering malformed paths, using invalid IP addresses, or clearing connection history in the client'...

Vendor: Smartftp
Product: SmartFTP Client
Published: Jan 16, 2026
Source: NVD
CVE-2021-47790 HIGH - 7.8

Active WebCam 11.5 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path by placing malicious executables in specific directory locations to gain administrative acces...

Vendor: Pysoft
Product: Active WebCam
Published: Jan 16, 2026
Source: NVD
CVE-2021-47789 HIGH - 7.5

Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows attackers to crash the system by sending oversized input. Attackers can exploit the driver by sending a 2000-byte buffer through DeviceIoControl to trigger a kernel-level system crash.

Vendor: Yenkee
Product: Yenkee Hornet Gaming Mouse
Published: Jan 16, 2026
Source: NVD
CVE-2021-47788 HIGH - 8.8

WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code execution ...

Vendor: Websitebaker
Product: WebsiteBaker
Published: Jan 16, 2026
Source: NVD
CVE-2021-47787 HIGH - 7.8

TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration.

Vendor: Totalav
Product: TotalAV
Published: Jan 16, 2026
Source: NVD
CVE-2021-47786 HIGH - 7.5

Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows attackers to trigger a denial of service by sending malformed IOCTL requests. Attackers can send a crafted 2000-byte buffer with specific byte patterns to the REDRAGON_MOUSE device to crash the kernel driver.

Vendor: Redragon
Product: Redragon Gaming Mouse
Published: Jan 16, 2026
Source: NVD
CVE-2021-47782 HIGH - 8.2

Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remote attackers to inject malicious database queries. Attackers can exploit the vulnerability by sending crafted payloads to the /rass/api/v1/trafficCycle/ endpoint to manipulate Postg...

Vendor: Odinesolutions
Product: Odine Solutions GateKeeper
Published: Jan 16, 2026
Source: NVD
CVE-2021-47780 HIGH - 7.8

Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly configured service path to inject malicious executables that will be run with LocalSystem permissions d...

Vendor: macro-expert
Product: macro_expert
Published: Jan 16, 2026
Source: NVD
CVE-2021-47779 HIGH - 7.2

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the text...

Vendor: Dolibarr
Product: CRM
Published: Jan 16, 2026
Source: NVD
CVE-2021-47756 HIGH - 8.4

Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication.

Vendor: Laravel
Product: Laravel Valet
Published: Jan 16, 2026
Source: NVD
CVE-2020-36930 HIGH - 7.8

SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\SysGauge Server\bin\sysgaus.exe' to inject malicious execu...

Vendor: Sysgauge
Product: SysGauge
Published: Jan 16, 2026
Source: NVD
CVE-2020-36929 HIGH - 7.8

Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject malicious executables and ...

Vendor: Support
Product: Brother BRPrint Auditor
Published: Jan 16, 2026
Source: NVD
CVE-2020-36928 HIGH - 7.8

Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions.

Vendor: Brother
Product: Brother BRAgent
Published: Jan 16, 2026
Source: NVD