Export limit exceeded: 366292 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366292 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366292 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-37010 2 Bearshare, Musiclab-llc 2 Bearshare Lite, Bearshare 2026-07-15 9.8 Critical
BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite the EIP register and execute shellcode by pasting malicious content into the search keywords field.
CVE-2020-37004 2 Codexcube, Rise 2 Ultimate Project Manager Crm Pro, Ultimate Project Manager 2026-07-15 8.2 High
The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attackers can exploit the /frontend/get_article_suggestion/ endpoint by crafting malicious search parameters to progressively guess and retrieve user credentials through boolean-based inference techniques.
CVE-2020-36975 1 Epson 1 Status Monitor 3 2026-07-15 7.8 High
EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can leverage the unquoted path in 'C:\Program Files\Common Files\EPSON\EPW!3SSRP\E_S60RPB.EXE' to inject malicious executables and escalate privileges.
CVE-2020-36970 1 Pmb Services 2 Pmb, Pmb Services 2026-07-15 8.4 High
PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the getgif.php endpoint.
CVE-2020-36957 2 Campcodes, Pdfcomplete 2 Complete Online Dj Booking System, Pdf Complete 2026-07-15 7.8 High
PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.
CVE-2020-36910 1 Cayintech 1 Smp-pro4 2026-07-15 8.8 High
Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root.
CVE-2020-36909 1 Securecomputing 2 Snapgear Sg560, Snapgear Sg560 Firmware 2026-07-15 6.5 Medium
SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to access and modify files outside the intended /etc/config/ directory.
CVE-2020-36908 1 Securecomputing 2 Snapgear Sg560, Snapgear Sg560 Firmware 2026-07-15 5.3 Medium
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full administrative privileges when a logged-in user visits the page.
CVE-2019-25763 3 Brainstormforce, Ultimatebeaver, Wordpress 3 Ultimate Addons For Beaver Builder, Ultimate Addons For Beaver Builder, Wordpress 2026-07-15 9.8 Critical
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the uabb-lf-google-submit action, a valid administrator email address, and a valid nonce to obtain session cookies and authenticate as that user.
CVE-2019-25752 1 Cmsjunkie 1 J-businessdirectory 2026-07-15 8.2 High
Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the option=com_jbusinessdirectory&task=categories.getCategories parameters and inject UNION-based SQL statements in the type parameter to extract database information including schema names and sensitive data.
CVE-2019-25751 1 Cmsjunkie 1 J-classifiedsmanager 2026-07-15 8.2 High
Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the categorySearch, adType, and citySearch parameters to the displayads component to extract sensitive database information including usernames, databases, and version details.
CVE-2019-25747 2 Brocade, Network-inventory-advisor 2 Network Advisor, Network Inventory Advisor 2026-07-15 7.8 High
Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with LocalSystem privileges when the service starts or restarts.
CVE-2019-25746 2 Slicedinvoices, Wordpress 2 Sliced Invoices, Wordpress 2026-07-15 7.1 High
WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicate_quote_invoice and malicious 'post' values to extract sensitive database information or modify data.
CVE-2019-25744 3 Popup Builder, Sygnoos, Wordpress 3 Popup Builder, Popup Builder, Wordpress 2026-07-15 5.4 Medium
WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads in the post_title field that execute when pages or posts display popup selections.
CVE-2019-25740 1 Joomsky 1 Js Jobs 2026-07-15 6.5 Medium
Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field_2 parameter to delete arbitrary files accessible to the web server.
CVE-2019-25735 1 Allplayer 1 Allplayer 2026-07-15 8.4 High
AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code execution to run arbitrary commands with user privileges.
CVE-2019-25718 1 Draeger 1 Infinity Explorer C700 2026-07-15 8.4 High
Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause the device to display incorrect or no information from the connected Delta Family patient monitor.
CVE-2019-25717 1 Draeger 2 Infinity Delta, Infinity Kappa 2026-07-15 4.3 Medium
Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files.
CVE-2019-25716 1 Draeger 2 Infinity Delta, Infinity Kappa 2026-07-15 6.5 Medium
Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.
CVE-2019-25693 2 Montala, Resourcespace 2 Resourcespace, Resourcespace 2026-07-15 7.1 High
ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.