Export limit exceeded: 352232 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352232 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25151 | 1 Ecessa | 1 Wanworx Wvr-30 | 2026-04-15 | 4.3 Medium |
| Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an authenticated administrator into loading the page. | ||||
| CVE-2025-58449 | 2026-04-15 | N/A | ||
| Maho is a free and open source ecommerce platform. In Maho prior to 25.9.0, an authenticated staff user with access to the `Dashboard` and `Catalog\Manage Products` permissions can create a custom option on a listing with a file input field. By allowing file uploads with a `.php` extension, the user can use the filed to upload malicious PHP files, gaining remote code execution. Version 25.9.0 fixes the issue. | ||||
| CVE-2025-27705 | 2026-04-15 | N/A | ||
| There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack complexity is high, attack requirements are present, privileges required are none, user interaction is required. The impact to confidentiality is low, the impact to availability is none, and the impact to system integrity is none. | ||||
| CVE-2025-27704 | 2026-04-15 | N/A | ||
| There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack complexity is high, attack requirements are present, privileges required are none, user interaction is required. The impact to confidentiality is low, the impact to availability is none, and the impact to system integrity is none. | ||||
| CVE-2025-58401 | 2026-04-15 | N/A | ||
| Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account. | ||||
| CVE-2018-25150 | 1 Ecessa | 2 Shieldlink Sl175ehq, Shieldlink Sl175ehq Firmware | 2026-04-15 | 5.3 Medium |
| Ecessa ShieldLink SL175EHQ 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a hidden form to add a superuser account by tricking a logged-in administrator into loading the page. | ||||
| CVE-2018-25141 | 1 Flir | 2 Flir Ax8 Firmware, Thermal Traffic Cameras | 2026-04-15 | 7.5 High |
| FLIR thermal traffic cameras contain an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve video streams by accessing specific endpoints like /live.mjpeg, /snapshot.jpg, and RTSP streaming URLs without authentication. | ||||
| CVE-2021-47921 | 1 Scott Ferreira | 1 Free Photo And Video Vault Wifi Transfer | 2026-04-15 | 6.5 Medium |
| Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access unauthorized system paths. | ||||
| CVE-2021-47920 | 1 Webmo | 1 Job Manager | 2026-04-15 | 5.4 Medium |
| WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external redirects. | ||||
| CVE-2021-47911 | 2 Jdwebdesigner, Redefiningtheweb | 2 Affiliate Pro, Affiliate Pro | 2026-04-15 | 5.4 Medium |
| Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests. | ||||
| CVE-2021-47902 | 1 Testa | 1 Online Test Management System | 2026-04-15 | 8.2 High |
| Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'q' search parameter. Attackers can inject malicious SQL code in the search field to extract database information, potentially accessing sensitive user or system data. | ||||
| CVE-2021-47891 | 2 Unified Intents, Unifiedremote | 2 Unified Remote, Unified Remote | 2026-04-15 | 9.8 Critical |
| Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads. | ||||
| CVE-2021-47889 | 1 Softros Systems | 1 Lan Messenger | 2026-04-15 | 7.8 High |
| Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\' to inject malicious executables and escalate privileges. | ||||
| CVE-2021-47887 | 1 Oki | 1 Print Job Accounting | 2026-04-15 | 7.8 High |
| OKI Print Job Accounting 4.4.10 contains an unquoted service path vulnerability in the OkiJaSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Print Job Accounting\' to inject malicious executables and escalate privileges. | ||||
| CVE-2021-47886 | 1 Fyrolabs | 1 Pingzapper | 2026-04-15 | 7.8 High |
| Pingzapper 2.3.1 contains an unquoted service path vulnerability in the PingzapperSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Pingzapper\PZService.exe' to inject malicious executables and escalate privileges. | ||||
| CVE-2021-47884 | 2 Mitsubishielectric, Oki | 2 Iu Configuration Tool, Configuration Tool | 2026-04-15 | 7.8 High |
| OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject malicious executables and escalate privileges. | ||||
| CVE-2021-47883 | 1 Sandboxie-plus | 1 Sandboxie | 2026-04-15 | 7.8 High |
| Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup. | ||||
| CVE-2021-47882 | 1 Freelan | 1 Freelan | 2026-04-15 | 7.8 High |
| FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during service startup. | ||||
| CVE-2021-47880 | 1 Realtek | 1 Wireless Lan Utility | 2026-04-15 | 7.8 High |
| Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during application startup or system reboot. | ||||
| CVE-2021-47879 | 1 Luidia | 1 Ebeam Interactive Suite | 2026-04-15 | 7.8 High |
| eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Luidia\eBeam Stylus Driver\ to inject malicious executables that would run with LocalSystem permissions. | ||||