Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,840
Quick preset (or use dates below)
Clear Filters
Showing 13,461 - 13,480 of 14,327 CVEs
CVE-2023-54331 HIGH - 8.4

Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to inject malicious code that will be executed with LocalS...

Published: Jan 13, 2026
Source: NVD
CVE-2023-53984 HIGH - 8.4

Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing mali...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50939 HIGH - 7.2

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality (image.php) where the upload_caption parameter...

Vendor: e107
Product: e107
Published: Jan 13, 2026
Source: NVD
CVE-2022-50938 HIGH - 8.4

CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path vulnerability in the AppKeyLicenseServer service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject malicious code in the service binary path, potentially executing arbitrary code with elevated system priv...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50937 HIGH - 7.2

Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application mod...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50936 HIGH - 8.8

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by craftin...

Vendor: wbce
Product: wbce_cms
Published: Jan 13, 2026
Source: NVD
CVE-2022-50933 HIGH - 8.4

Cain & Abel 4.9.56 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions.

Published: Jan 13, 2026
Source: NVD
CVE-2022-50932 HIGH - 7.5

Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg (n...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50931 HIGH - 8.4

TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3client_win32.exe with custom files to potentially gain SYSTEM or Administrator-level access.

Published: Jan 13, 2026
Source: NVD
CVE-2022-50930 HIGH - 8.4

Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute w...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50929 HIGH - 8.4

Connectify Hotspot 2018 contains an unquoted service path vulnerability in its ConnectifyService executable that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Connectify\ConnectifyService.exe' to inject mali...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50928 HIGH - 8.4

BlueSoleilCS 5.4.277 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in 'C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe' to i...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50924 HIGH - 8.4

Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50923 HIGH - 8.4

Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions du...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50921 HIGH - 8.4

WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during se...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50920 HIGH - 8.4

Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during s...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50918 HIGH - 8.4

VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific system directories to gain LocalSystem access du...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50917 HIGH - 8.4

ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated privi...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50916 HIGH - 7.2

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.php i...

Vendor: e107
Product: e107
Published: Jan 13, 2026
Source: NVD
CVE-2022-50915 HIGH - 8.4

PTPublisher 2.3.4 contains an unquoted service path vulnerability in the PTProtect service that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Primera Technology\PTPublisher\UsbFlashDongle...

Published: Jan 13, 2026
Source: NVD