Export limit exceeded: 341647 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 341647 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341647 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25232 | 1 Netpclinker | 1 Netpclinker | 2026-02-04 | 9.8 Critical |
| NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP field that allows attackers to execute arbitrary shellcode. Attackers can craft a malicious payload in the DNS/IP input to overwrite SEH handlers and execute shellcode when adding a new client. | ||||
| CVE-2020-36998 | 1 Forma | 1 E-learning Suite | 2026-02-04 | 6.4 Medium |
| Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input sanitization. | ||||
| CVE-2020-37023 | 1 Koken | 1 Cms | 2026-02-04 | 8.8 High |
| Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy and changing the file extension. | ||||
| CVE-2020-37024 | 1 Nidesoft | 1 Dvd Ripper | 2026-02-04 | 8.4 High |
| Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the License Code field to trigger a stack-based buffer overflow and execute shellcode. | ||||
| CVE-2020-37025 | 1 Upredsun | 1 Port Forwarding Wizard | 2026-02-04 | 8.4 High |
| Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. Attackers can craft a malicious payload with an egg tag and overwrite SEH handlers to potentially execute shellcode on vulnerable Windows systems. | ||||
| CVE-2020-37026 | 1 Midgetspy | 1 Sickbeard | 2026-02-04 | 5.3 Medium |
| Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submitting a malicious form that clears web username and password, effectively removing authentication protection. | ||||
| CVE-2020-37027 | 1 Midgetspy | 1 Sickbeard | 2026-02-04 | 9.8 Critical |
| Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the vulnerable Sickbeard installation. | ||||
| CVE-2020-37029 | 1 K.soft | 1 Ftpdummy | 2026-02-04 | 8.4 High |
| FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite and execute system commands. | ||||
| CVE-2020-37031 | 1 Ashkon | 1 Simple Startup Manager | 2026-02-04 | 8.4 High |
| Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. Attackers can craft a malicious payload with 268 bytes to trigger code execution, bypassing DEP and overwriting memory addresses to launch calc.exe. | ||||
| CVE-2020-37058 | 1 Andrea Electronics | 1 Andrea St Filters Service | 2026-02-04 | 7.8 High |
| Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that will execute with elevated LocalSystem privileges during service startup. | ||||
| CVE-2020-37060 | 1 Drive-software | 1 Atomic Alarm Clock X86 | 2026-02-04 | 7.8 High |
| Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit the unquoted service path by placing a malicious executable named 'Program.exe' to gain persistent system-level access. | ||||
| CVE-2025-11175 | 1 Wikimedia | 1 Mediawiki-discussiontools Extension | 2026-02-04 | N/A |
| Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extension: 1.44, 1.43. | ||||
| CVE-2025-12899 | 1 Zephyrproject-rtos | 1 Zephyr | 2026-02-04 | 6.5 Medium |
| A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem. | ||||
| CVE-2025-13176 | 1 Eset | 1 Inspect Connector | 2026-02-04 | N/A |
| Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL. | ||||
| CVE-2025-15497 | 1 Openvpn | 1 Openvpn | 2026-02-04 | N/A |
| Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service | ||||
| CVE-2026-24149 | 1 Nvidia | 1 Megatron-lm | 2026-02-04 | 7.8 High |
| NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering. | ||||
| CVE-2026-1755 | 2 Themeisle, Wordpress | 2 Menu Icons, Wordpress | 2026-02-04 | 6.4 Medium |
| The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_wp_attachment_image_alt’ post meta in all versions up to, and including, 0.13.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-1622 | 1 Neo4j | 2 Community Edition, Enterprise Edition | 2026-02-04 | 5.5 Medium |
| Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files. The "obfuscate_literals" option in the query logs does not redact error information, exposing unredacted data in the query log when a customer writes a query that fails. It can allow a user with legitimate access to the local log files to obtain information they are not authorised to see. If this user is also in a position to run queries and trigger errors, this vulnerability can potentially help them to infer information they are not authorised to see through their intended database access. We recommend upgrading to versions 2026.01.3 (or 5.26.21) where the issue is fixed, and reviewing query log files permissions to ensure restricted access. If your configuration had db.logs.query.obfuscate_literals enabled, and you wish the obfuscation to cover the error messages as well, you need to enable the new configuration setting db.logs.query.obfuscate_errors once you have upgraded Neo4j. | ||||
| CVE-2020-37075 | 1 Lizardsystems | 1 Lansend | 2026-02-04 | 9.8 Critical |
| LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) overwrite and execute shellcode when importing computers from a file. | ||||
| CVE-2020-37077 | 1 Twinkle Toes Software | 1 Booked Scheduler | 2026-02-04 | 6.5 Medium |
| Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating directory path traversal techniques. | ||||