Export limit exceeded: 342389 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342389 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25253 | 2026-04-04 | 6.2 Medium | ||
| Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the application. | ||||
| CVE-2018-25252 | 1 Solarwinds | 1 Ftp Voyager | 2026-04-04 | 6.2 Medium |
| FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site profile containing 500 bytes of repeated characters and paste it into the IP field to trigger a buffer overflow that crashes the FTP Voyager process. | ||||
| CVE-2018-25251 | 2026-04-04 | 8.4 High | ||
| Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Socket Port Number field via the Netplay Options menu to achieve code execution through SEH chain exploitation. | ||||
| CVE-2018-25250 | 1 Mybb | 1 Mybb | 2026-04-04 | 7.2 High |
| MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users visit the attacker's profile page. | ||||
| CVE-2018-25249 | 1 Mybb | 1 Mybb | 2026-04-04 | 6.4 Medium |
| MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through arcade game score comments. Attackers can add crafted HTML and JavaScript payloads in the comment field that execute when other users view or edit the comment. | ||||
| CVE-2018-25248 | 1 Mybb | 1 Mybb | 2026-04-04 | 7.2 High |
| MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can submit a new download with HTML/JavaScript code in the title parameter, which executes when administrators validate the download in downloads.php. | ||||
| CVE-2018-25247 | 1 Mybb | 1 Mybb | 2026-04-04 | 6.1 Medium |
| MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile, where liked posts are displayed without sanitization. | ||||
| CVE-2016-20061 | 2026-04-04 | 7.8 High | ||
| sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges. | ||||
| CVE-2016-20060 | 1 Pango | 1 Hotspot Shield | 2026-04-04 | 7.8 High |
| Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. Attackers can place executable files in the service path and upon service restart or system reboot, the malicious code executes with LocalSystem privileges. | ||||
| CVE-2016-20059 | 1 Iobit | 1 Malware Fighter | 2026-04-04 | 7.8 High |
| IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can insert a malicious executable file in the unquoted service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges. | ||||
| CVE-2016-20058 | 2026-04-04 | 7.8 High | ||
| Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges. | ||||
| CVE-2016-20057 | 2026-04-04 | 7.8 High | ||
| NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges. | ||||
| CVE-2016-20056 | 2026-04-04 | 7.8 High | ||
| Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting malicious executables. Attackers can place executable files in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges. | ||||
| CVE-2016-20055 | 1 Iobit | 2 Advanced Systemcare, Advanced Systemcare Ultimate | 2026-04-04 | 7.8 High |
| IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges. | ||||
| CVE-2016-20053 | 1 Redaxo | 1 Redaxo Cms | 2026-04-04 | 5.3 Medium |
| Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields containing admin credentials and account parameters to add new administrator accounts without user consent. | ||||
| CVE-2016-20052 | 1 Snewscms | 1 Snews | 2026-04-04 | 9.8 Critical |
| Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution. | ||||
| CVE-2016-20051 | 1 Snewscms | 1 Snews | 2026-04-04 | 5.3 Medium |
| Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST requests to the changeup action, modifying the admin username and password parameters to gain unauthorized access. | ||||
| CVE-2016-20050 | 2026-04-04 | 6.2 Medium | ||
| NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a crafted payload containing 388 bytes of data followed by 4 bytes of EIP overwrite into the Hostname/IP field to trigger a denial of service condition. | ||||
| CVE-2026-3666 | 2026-04-04 | 8.8 High | ||
| The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name/path validation against path traversal sequences. This makes it possible for authenticated attackers, with subscriber level access and above, to delete arbitrary files on the server by embedding a crafted path traversal string in a forum post body and then deleting the post. | ||||
| CVE-2026-3309 | 2026-04-04 | 6.5 Medium | ||
| The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.11. This is due to the plugin allowing user-supplied billing field values from the checkout process to be interpolated into shortcode template strings that are subsequently processed without proper sanitization of shortcode syntax. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes by submitting crafted billing field values during the checkout process. | ||||