Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,619
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,061 - 13,080 of 13,618 CVEs
CVE-2022-50937 HIGH - 7.2

Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application mod...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50936 HIGH - 8.8

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by craftin...

Vendor: wbce
Product: wbce_cms
Published: Jan 13, 2026
Source: NVD
CVE-2022-50933 HIGH - 8.4

Cain & Abel 4.9.56 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions.

Published: Jan 13, 2026
Source: NVD
CVE-2022-50932 HIGH - 7.5

Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg (n...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50931 HIGH - 8.4

TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3client_win32.exe with custom files to potentially gain SYSTEM or Administrator-level access.

Published: Jan 13, 2026
Source: NVD
CVE-2022-50930 HIGH - 8.4

Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute w...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50929 HIGH - 8.4

Connectify Hotspot 2018 contains an unquoted service path vulnerability in its ConnectifyService executable that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Connectify\ConnectifyService.exe' to inject mali...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50928 HIGH - 8.4

BlueSoleilCS 5.4.277 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in 'C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe' to i...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50924 HIGH - 8.4

Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50923 HIGH - 8.4

Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions du...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50921 HIGH - 8.4

WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during se...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50920 HIGH - 8.4

Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during s...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50918 HIGH - 8.4

VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific system directories to gain LocalSystem access du...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50917 HIGH - 8.4

ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated privi...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50916 HIGH - 7.2

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.php i...

Vendor: e107
Product: e107
Published: Jan 13, 2026
Source: NVD
CVE-2022-50915 HIGH - 8.4

PTPublisher 2.3.4 contains an unquoted service path vulnerability in the PTProtect service that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Primera Technology\PTPublisher\UsbFlashDongle...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50914 HIGH - 8.4

EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.

Published: Jan 13, 2026
Source: NVD
CVE-2022-50913 HIGH - 8.4

ITeC ITeCProteccioAppServer contains an unquoted service path vulnerability that allows local attackers to execute code with elevated system privileges. Attackers can insert a malicious executable in the service path to gain elevated access during service restart or system reboot.

Published: Jan 13, 2026
Source: NVD
CVE-2022-50910 HIGH - 7.5

Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious host header to intercept password reset tokens and change victim account passwords without direct auth...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50909 HIGH - 8.8

Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit the insecure 'source' parameter by injecting commands that are executed with root privileges...

Published: Jan 13, 2026
Source: NVD