Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,917
Quick preset (or use dates below)
Clear Filters
Showing 13,121 - 13,140 of 14,327 CVEs
CVE-2025-68134 HIGH - 7.4

EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the `assert` function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them terminates, leading to a denial...

Vendor: EVerest
Product: everest-core
Published: Jan 21, 2026
Source: NVD
CVE-2025-66960 HIGH - 7.5

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata

Vendor: n/a
Product: n/a
Published: Jan 21, 2026
Source: NVD
CVE-2025-66959 HIGH - 7.5

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder

Vendor: n/a
Product: n/a
Published: Jan 21, 2026
Source: NVD
CVE-2021-47887 HIGH - 7.8

OKI Print Job Accounting 4.4.10 contains an unquoted service path vulnerability in the OkiJaSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Print Job Accounting\' to inject malicious executa...

Vendor: OKI
Product: Print Job Accounting
Published: Jan 21, 2026
Source: NVD
CVE-2021-47886 HIGH - 7.8

Pingzapper 2.3.1 contains an unquoted service path vulnerability in the PingzapperSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Pingzapper\PZService.exe' to inject malicious executables and ...

Vendor: Fyrolabs LLC.
Product: Pingzapper
Published: Jan 21, 2026
Source: NVD
CVE-2021-47884 HIGH - 7.8

OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inje...

Vendor: OKI
Product: Configuration Tool
Published: Jan 21, 2026
Source: NVD
CVE-2021-47883 HIGH - 7.8

Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during s...

Vendor: Sandboxie-Plus
Product: Sandboxie Plus
Published: Jan 21, 2026
Source: NVD
CVE-2021-47882 HIGH - 7.8

FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during ser...

Vendor: FreeLAN
Product: FreeLAN
Published: Jan 21, 2026
Source: NVD
CVE-2021-47880 HIGH - 7.8

Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during app...

Vendor: Realtek Semiconductor Corp.
Product: Realtek Wireless LAN Utility
Published: Jan 21, 2026
Source: NVD
CVE-2021-47879 HIGH - 7.8

eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Luidia\eBeam Stylus Driver\ to inject malicio...

Vendor: Luidia
Product: eBeam Interactive Suite
Published: Jan 21, 2026
Source: NVD
CVE-2021-47878 HIGH - 7.8

eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute wit...

Vendor: Luidia
Product: eBeam Education Suite
Published: Jan 21, 2026
Source: NVD
CVE-2021-47877 HIGH - 7.5

GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. Attackers can generate a payload of 8000 repeated characters to overwhelm the input field and cause the application to become unresponsiv...

Vendor: GeoGebra
Product: GeoGebra Graphing Calculato‪r‬
Published: Jan 21, 2026
Source: NVD
CVE-2021-47876 HIGH - 7.5

GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. Attackers can generate a large buffer of 800,000 repeated characters and paste it into the 'Entrada:' input field t...

Vendor: GeoGebra
Product: GeoGebra Classic
Published: Jan 21, 2026
Source: NVD
CVE-2021-47874 HIGH - 7.8

VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem priv...

Vendor: Vfsforgit
Product: VFS for Git
Published: Jan 21, 2026
Source: NVD
CVE-2021-47873 HIGH - 7.2

VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'v_interface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS...

Vendor: VestaCP
Product: VestaCP
Published: Jan 21, 2026
Source: NVD
CVE-2021-47872 HIGH - 7.1

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information...

Vendor: SEO Panel
Product: SEO Panel
Published: Jan 21, 2026
Source: NVD
CVE-2021-47871 HIGH - 8.8

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the ser...

Vendor: Hestia Control Panel
Product: Hestia Control Panel
Published: Jan 21, 2026
Source: NVD
CVE-2021-47869 HIGH - 7.8

Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files (x86)\Brother\ directory to gain ...

Vendor: Brother Industries, Ltd.
Product: BRAdmin Professional
Published: Jan 21, 2026
Source: NVD
CVE-2021-47868 HIGH - 7.8

WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WPCommandFileService Service.exe to inject mali...

Vendor: Honeywell
Product: WIN-PACK PRO
Published: Jan 21, 2026
Source: NVD
CVE-2021-47867 HIGH - 7.8

WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files <x86>\WINPAKPRO\ScheduleService Service.exe' to inj...

Vendor: Security
Product: Winpakpro
Published: Jan 21, 2026
Source: NVD