Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,917
Quick preset (or use dates below)
Clear Filters
Showing 13,141 - 13,160 of 14,327 CVEs
CVE-2021-47866 HIGH - 7.8

WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WP GuardTour Service.exe to inject malicious...

Vendor: Honeywell
Product: WIN-PACK PRO
Published: Jan 21, 2026
Source: NVD
CVE-2021-47865 HIGH - 7.5

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.

Vendor: ProFTPD
Product: ProFTPD
Published: Jan 21, 2026
Source: NVD
CVE-2021-47864 HIGH - 7.8

OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path, potentially gaining...

Vendor: OSAS
Product: OSAS Traverse Extension
Published: Jan 21, 2026
Source: NVD
CVE-2021-47863 HIGH - 7.8

MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate privileges...

Vendor: MacPaw Way Ltd.
Product: Encrypto
Published: Jan 21, 2026
Source: NVD
CVE-2021-47862 HIGH - 7.8

Hi-Rez Studios 5.1.6.3 contains an unquoted service path vulnerability in the HiPatchService that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissi...

Vendor: HI-REZ STUDIOS
Product: HiPatchService
Published: Jan 21, 2026
Source: NVD
CVE-2021-47861 HIGH - 7.8

Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations that will be exec...

Vendor: FSPro Labs
Product: Event Log Explorer
Published: Jan 21, 2026
Source: NVD
CVE-2021-47859 HIGH - 7.8

ActivIdentity 8.2 contains an unquoted service path vulnerability in the ac.sharedstore service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\Common Files\ActivIdentity\ to inject malicious executables and escala...

Vendor: HID Global
Product: ActivIdentity
Published: Jan 21, 2026
Source: NVD
CVE-2021-47858 HIGH - 7.2

Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'start_addr' parameter of the Security Management interface. Attackers can inject malicious scripts through the start source address field that will persist and trigger for privileged users whe...

Vendor: Genexis
Product: Platinum-4410
Published: Jan 21, 2026
Source: NVD
CVE-2021-47857 HIGH - 7.2

Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the even...

Vendor: Moodle
Product: Moodle
Published: Jan 21, 2026
Source: NVD
CVE-2021-47855 HIGH - 7.2

Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on th...

Vendor: LiteSpeed Technologies
Product: OpenLiteSpeed
Published: Jan 21, 2026
Source: NVD
CVE-2021-47853 HIGH - 8.8

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operating s...

Vendor: phppgadmin
Product: phpPgAdmin
Published: Jan 21, 2026
Source: NVD
CVE-2021-47852 HIGH - 8.8

Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated system a...

Vendor: Rockstar Games
Product: Rockstar Games Launcher
Published: Jan 21, 2026
Source: NVD
CVE-2021-47850 HIGH - 7.5

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating fi...

Vendor: Yodinfo
Product: Mini Mouse
Published: Jan 21, 2026
Source: NVD
CVE-2021-47848 HIGH - 8.2

Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows attackers to bypass login by injecting SQL code through the username parameter. Attackers can manipulate the login request by sending a crafted username with SQL injection techniques to gain unauthorized administrative ac...

Vendor: satndy
Product: Aplikasi-Biro-Travel
Published: Jan 21, 2026
Source: NVD
CVE-2021-47846 HIGH - 8.2

Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL injection payloads in email and password parameters...

Vendor: I Want Source Codes
Product: Digital Crime Report Management System
Published: Jan 21, 2026
Source: NVD
CVE-2021-47802 HIGH - 7.5

Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without authentication...

Vendor: Shenzhen Tenda Technology Co.,Ltd.
Product: Tenda D151 & D301
Published: Jan 21, 2026
Source: NVD
CVE-2021-47770 HIGH - 8.8

OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that establishes a network connec...

Vendor: Autonomy
Product: OpenPLC
Published: Jan 21, 2026
Source: NVD
CVE-2021-47746 HIGH - 7.5

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by manipu...

Vendor: NodeBB
Product: NodeBB Plugin Emoji
Published: Jan 21, 2026
Source: NVD
CVE-2025-70648 HIGH - 7.5

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: n/a
Product: n/a
Published: Jan 21, 2026
Source: NVD
CVE-2025-70646 HIGH - 7.5

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: n/a
Product: n/a
Published: Jan 21, 2026
Source: NVD