Export limit exceeded: 345249 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345249 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-50923 | 1 Cobiansoft | 1 Cobian Backup | 2026-03-05 | 7.8 High |
| Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions during service startup. | ||||
| CVE-2022-50919 | 1 Tdarr | 1 Tdarr | 2026-03-05 | 9.8 Critical |
| Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like `--help; curl .py | python` to execute remote code without authentication. | ||||
| CVE-2022-50912 | 1 Impresscms | 1 Impresscms | 2026-03-05 | 9.8 Critical |
| ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions .php2.php6.php7.phps.pht to execute arbitrary PHP code on the server. | ||||
| CVE-2022-50910 | 2 Beehive Forum, Beehiveforum | 2 Beehive Forum, Beehive Forum | 2026-03-05 | 9.8 Critical |
| Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious host header to intercept password reset tokens and change victim account passwords without direct authentication. | ||||
| CVE-2022-50903 | 1 Wondershare | 1 Mobiletrans | 2026-03-05 | 8.4 High |
| Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path by placing malicious executables in specific filesystem locations that will be executed with LocalSystem permissions during service startup. | ||||
| CVE-2022-50901 | 1 Wondershare | 1 Dr.fone | 2026-03-05 | 8.4 High |
| Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that would run with LocalSystem privileges. | ||||
| CVE-2022-50900 | 1 Wondershare | 1 Dr.fone | 2026-03-05 | 8.4 High |
| Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup. | ||||
| CVE-2022-50897 | 3 Fkrauthan, Mpdf1, Mpdf Project | 3 Wp-mpdf, Mpdf, Mpdf | 2026-03-05 | 5.5 Medium |
| mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications. | ||||
| CVE-2021-47919 | 2 Simple-cms Project, Simplephpscripts | 3 Simple Cms, Simple Cms, Simple Cms Php | 2026-03-05 | 6.4 Medium |
| Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks. | ||||
| CVE-2021-47918 | 2 Simple-cms Project, Simplephpscripts | 3 Simple Cms, Simple Cms, Simple Cms Php | 2026-03-05 | 8.1 High |
| Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application. | ||||
| CVE-2021-47917 | 2 Simple-cms Project, Simplephpscripts | 3 Simple Cms, Simple Cms, Simple Cms Php | 2026-03-05 | 6.4 Medium |
| Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to session hijacking and application manipulation. | ||||
| CVE-2021-47915 | 1 Phpsugar | 1 Php Melody | 2026-03-05 | 8.1 High |
| PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system. | ||||
| CVE-2021-47914 | 1 Phpsugar | 1 Php Melody | 2026-03-05 | 6.4 Medium |
| PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, persistent phishing, and manipulation of application modules. | ||||
| CVE-2021-47913 | 1 Phpsugar | 1 Php Melody | 2026-03-05 | 6.4 Medium |
| PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation. | ||||
| CVE-2021-47912 | 1 Phpsugar | 1 Php Melody | 2026-03-05 | 6.4 Medium |
| PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions. | ||||
| CVE-2021-47843 | 2 Pabloandumundu, Tagstoo | 2 Tagstoo, Tagstoo | 2026-03-05 | 5.4 Medium |
| Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer. | ||||
| CVE-2021-47817 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-03-05 | 5.4 Medium |
| OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript through user profile parameters. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enabling remote command execution on the vulnerable OpenEMR instance. | ||||
| CVE-2021-47814 | 2 Nsasoft, Nsauditor | 2 Nbmonitor, Nbmonitor | 2026-03-05 | 7.5 High |
| NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer into the registration key field to trigger an application crash and potential system instability. | ||||
| CVE-2021-47811 | 1 Grocerycrud | 1 Grocery Crud | 2026-03-05 | 9.1 Critical |
| Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order_by parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the order_by[] parameter in POST requests to the ajax_list endpoint to potentially extract or modify database information. | ||||
| CVE-2021-47810 | 1 Wibu | 1 Wibukey | 2026-03-05 | 7.8 High |
| WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and escalate privileges. | ||||