Export limit exceeded: 81132 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81132 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47867 | 1 Honeywell | 1 Win-pak | 2026-04-15 | 7.8 High |
| WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files <x86>\WINPAKPRO\ScheduleService Service.exe' to inject malicious code that would execute during service startup. | ||||
| CVE-2021-47868 | 1 Honeywell | 1 Win-pak | 2026-04-15 | 7.8 High |
| WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WPCommandFileService Service.exe to inject malicious code that would execute with LocalSystem permissions. | ||||
| CVE-2021-47869 | 1 Brother | 1 Bradmin Professional | 2026-04-15 | 7.8 High |
| Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files (x86)\Brother\ directory to gain local system privileges. | ||||
| CVE-2021-47871 | 1 Hestiacp | 1 Control Panel | 2026-04-15 | 8.8 High |
| Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the server. | ||||
| CVE-2021-47873 | 1 Vestacp | 2 Control Panel, Vesta Control Panel | 2026-04-15 | 7.2 High |
| VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'v_interface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload. | ||||
| CVE-2021-47858 | 1 Genexis | 2 Platinum-4410, Platinum-4410 Firmware | 2026-04-15 | 7.2 High |
| Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'start_addr' parameter of the Security Management interface. Attackers can inject malicious scripts through the start source address field that will persist and trigger for privileged users when they access the security management page. | ||||
| CVE-2021-47874 | 1 Vfsforgit | 1 Vfs For Git | 2026-04-15 | 7.8 High |
| VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem privileges during service startup or system reboot. | ||||
| CVE-2021-47876 | 1 Geogebra | 1 Classic | 2026-04-15 | 7.5 High |
| GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. Attackers can generate a large buffer of 800,000 repeated characters and paste it into the 'Entrada:' input field to trigger an application crash. | ||||
| CVE-2021-47877 | 1 Geogebra | 1 Graphing Calculator | 2026-04-15 | 7.5 High |
| GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. Attackers can generate a payload of 8000 repeated characters to overwhelm the input field and cause the application to become unresponsive. | ||||
| CVE-2021-47878 | 1 Luidia | 1 Ebeam Education Suite | 2026-04-15 | 7.8 High |
| eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem privileges during service startup. | ||||
| CVE-2021-47879 | 1 Luidia | 1 Ebeam Interactive Suite | 2026-04-15 | 7.8 High |
| eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Luidia\eBeam Stylus Driver\ to inject malicious executables that would run with LocalSystem permissions. | ||||
| CVE-2021-47880 | 1 Realtek | 1 Wireless Lan Utility | 2026-04-15 | 7.8 High |
| Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during application startup or system reboot. | ||||
| CVE-2021-47882 | 1 Freelan | 1 Freelan | 2026-04-15 | 7.8 High |
| FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during service startup. | ||||
| CVE-2021-47883 | 1 Sandboxie-plus | 1 Sandboxie | 2026-04-15 | 7.8 High |
| Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup. | ||||
| CVE-2021-47855 | 2 Litespeed Technologies, Litespeedtech | 2 Openlitespeed, Openlitespeed | 2026-04-15 | 7.2 High |
| Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the Default Icon. | ||||
| CVE-2021-47662 | 2026-04-15 | 7.5 High | ||
| Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button. | ||||
| CVE-2021-47621 | 1 Classgraph | 1 Classgraph | 2026-04-15 | 7.5 High |
| ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE) attacks. | ||||
| CVE-2021-47862 | 1 Hirezstudios | 1 Hi-rez Studios | 2026-04-15 | 7.8 High |
| Hi-Rez Studios 5.1.6.3 contains an unquoted service path vulnerability in the HiPatchService that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions. | ||||
| CVE-2021-47852 | 1 Rockstargames | 1 Launcher | 2026-04-15 | 8.8 High |
| Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated system access. | ||||
| CVE-2021-47884 | 2 Mitsubishielectric, Oki | 2 Iu Configuration Tool, Configuration Tool | 2026-04-15 | 7.8 High |
| OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject malicious executables and escalate privileges. | ||||