Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,883
Quick preset (or use dates below)
Clear Filters
Showing 13,341 - 13,360 of 14,327 CVEs
CVE-2021-47812 HIGH - 7.5

GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with sys...

Vendor: Getgrav
Product: GravCMS
Published: Jan 16, 2026
Source: NVD
CVE-2021-47811 HIGH - 8.2

Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order_by parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the order_by[] parameter in POST requests to the ajax_list endpoint to potentially extract or modify databa...

Vendor: Grocerycrud
Product: Grocery crud
Published: Jan 16, 2026
Source: NVD
CVE-2021-47810 HIGH - 7.8

WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables ...

Vendor: Wibu
Product: WibuKey Runtime
Published: Jan 16, 2026
Source: NVD
CVE-2021-47809 HIGH - 7.8

Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Enterprise\bin\disksrs.exe' to inj...

Vendor: Disksorter
Product: Disk Sorter Enterprise
Published: Jan 16, 2026
Source: NVD
CVE-2021-47808 HIGH - 7.2

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.

Vendor: cotonti.com
Product: Cotonti Siena
Published: Jan 16, 2026
Source: NVD
CVE-2021-47807 HIGH - 7.8

Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious...

Vendor: Syncbreeze
Product: Sync Breeze
Published: Jan 16, 2026
Source: NVD
CVE-2021-47806 HIGH - 7.8

Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Dup Scout Server\bin\dupscts.exe' to inject malicious execu...

Vendor: Dupscout
Product: Dup Scout
Published: Jan 16, 2026
Source: NVD
CVE-2021-47805 HIGH - 7.8

Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated LocalS...

Vendor: flexense
Product: disksavvy
Published: Jan 16, 2026
Source: NVD
CVE-2021-47804 HIGH - 7.8

Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges when the service restar...

Vendor: Wisecleaner
Product: Wise Care
Published: Jan 16, 2026
Source: NVD
CVE-2021-47803 HIGH - 7.8

iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attackers to execute code with elevated privileges. Attackers can insert a malicious executable into the unquoted service path to run with LocalSystem privileges when the service restarts...

Vendor: I-Funbox
Product: iFunbox
Published: Jan 16, 2026
Source: NVD
CVE-2021-47801 HIGH - 8.2

Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions...

Vendor: Vianeos
Product: Vianeos OctoPUS
Published: Jan 16, 2026
Source: NVD
CVE-2021-47797 HIGH - 7.5

Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. Attackers can generate a 6000-byte buffer of repeated characters to trigger an application crash when pasted into th...

Vendor: Leawo
Product: Leawo Prof. Media
Published: Jan 16, 2026
Source: NVD
CVE-2021-47794 HIGH - 8.8

ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command that establishes a network connection to a sp...

Vendor: zesle
Product: zeslecp
Published: Jan 16, 2026
Source: NVD
CVE-2021-47793 HIGH - 7.5

Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attackers can generate a 9 million byte buffer and paste it into the messaging interface to trigger an application crash.

Vendor: Telegram
Product: Telegram Desktop
Published: Jan 16, 2026
Source: NVD
CVE-2021-47792 HIGH - 7.8

Remote Mouse 4.002 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the RemoteMouseService to inject malicious executables and gain administrative access.

Vendor: Remotemouse
Product: Remote Mouse
Published: Jan 16, 2026
Source: NVD
CVE-2021-47791 HIGH - 7.5

SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by entering malformed paths, using invalid IP addresses, or clearing connection history in the client'...

Vendor: Smartftp
Product: SmartFTP Client
Published: Jan 16, 2026
Source: NVD
CVE-2021-47790 HIGH - 7.8

Active WebCam 11.5 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path by placing malicious executables in specific directory locations to gain administrative acces...

Vendor: Pysoft
Product: Active WebCam
Published: Jan 16, 2026
Source: NVD
CVE-2021-47789 HIGH - 7.5

Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows attackers to crash the system by sending oversized input. Attackers can exploit the driver by sending a 2000-byte buffer through DeviceIoControl to trigger a kernel-level system crash.

Vendor: Yenkee
Product: Yenkee Hornet Gaming Mouse
Published: Jan 16, 2026
Source: NVD
CVE-2021-47788 HIGH - 8.8

WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code execution ...

Vendor: Websitebaker
Product: WebsiteBaker
Published: Jan 16, 2026
Source: NVD
CVE-2021-47787 HIGH - 7.8

TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration.

Vendor: Totalav
Product: TotalAV
Published: Jan 16, 2026
Source: NVD