Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,830
Quick preset (or use dates below)
Clear Filters
Showing 13,481 - 13,500 of 14,327 CVEs
CVE-2022-50914 HIGH - 8.4

EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.

Published: Jan 13, 2026
Source: NVD
CVE-2022-50913 HIGH - 8.4

ITeC ITeCProteccioAppServer contains an unquoted service path vulnerability that allows local attackers to execute code with elevated system privileges. Attackers can insert a malicious executable in the service path to gain elevated access during service restart or system reboot.

Published: Jan 13, 2026
Source: NVD
CVE-2022-50910 HIGH - 7.5

Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious host header to intercept password reset tokens and change victim account passwords without direct auth...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50909 HIGH - 8.8

Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit the insecure 'source' parameter by injecting commands that are executed with root privileges...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50908 HIGH - 7.2

Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation.

Published: Jan 13, 2026
Source: NVD
CVE-2022-50907 HIGH - 7.2

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution thro...

Vendor: e107
Product: e107
Published: Jan 13, 2026
Source: NVD
CVE-2022-50904 HIGH - 8.4

Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the wsbackup service to inject malicious executables that would run with LocalSystem per...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50903 HIGH - 8.4

Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path by placing malicious executables in specific filesystem locations that wi...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50902 HIGH - 8.4

Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\FamiSafe\ to inject malicious code that would run with...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50901 HIGH - 8.4

Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that would...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50900 HIGH - 8.4

Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during servi...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50898 HIGH - 8.8

NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper ...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50895 HIGH - 8.2

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the system...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50890 HIGH - 7.5

Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the devi...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50808 HIGH - 8.4

CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulnerability in the MPService that allows local attackers to execute code with elevated system privileges. Attackers can drop a malicious executable in the service path and trigger code execution during service startup or system reboot...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50806 HIGH - 8.8

4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php endpoint...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50805 HIGH - 8.2

Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensi...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50693 HIGH - 8.4

Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Updater Service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Splashtop\Splashtop Software Updater\ to inject malici...

Published: Jan 13, 2026
Source: NVD
CVE-2021-47751 HIGH - 7.5

CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath() function by renaming uploaded HTML files using di...

Published: Jan 13, 2026
Source: NVD
CVE-2026-22870 HIGH - 7.5

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious package can consume ...

Vendor: datadoghq
Product: guarddog
Published: Jan 13, 2026
Source: NVD