Total
332738 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5965 | 1 Centreon | 1 Centreon Web | 2026-01-26 | N/A | 7.2 HIGH |
| In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection.This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19. | |||||
| CVE-2021-47834 | 2026-01-26 | N/A | 6.4 MEDIUM | ||
| Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users. | |||||
| CVE-2021-47820 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| Ubee EVW327 contains a cross-site request forgery vulnerability that allows attackers to enable remote access without user interaction. Attackers can craft a malicious webpage that automatically submits a form to change router remote access settings to port 8080 without the user's consent. | |||||
| CVE-2025-43904 | 2026-01-26 | N/A | 4.2 MEDIUM | ||
| In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator. | |||||
| CVE-2012-10064 | 2026-01-26 | N/A | N/A | ||
| Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions, enabling an attacker to place attacker-controlled files under the plugin's uploads directory. This can lead to remote code execution if a server-executable file type is uploaded and subsequently accessed. | |||||
| CVE-2021-47831 | 2026-01-26 | N/A | 7.5 HIGH | ||
| Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash. | |||||
| CVE-2021-47822 | 2026-01-26 | N/A | 7.8 HIGH | ||
| DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path locations to gain system-level access during service startup. | |||||
| CVE-2021-47833 | 2026-01-26 | N/A | 7.8 HIGH | ||
| WifiHotSpot 1.0.0.0 contains an unquoted service path vulnerability in its WifiHotSpotService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions. | |||||
| CVE-2026-0629 | 2026-01-26 | N/A | N/A | ||
| Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security. | |||||
| CVE-2025-15032 | 2026-01-26 | N/A | 7.4 HIGH | ||
| Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site. | |||||
| CVE-2025-61873 | 2026-01-26 | N/A | 2.6 LOW | ||
| Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used. | |||||
| CVE-2021-47827 | 2026-01-26 | N/A | 7.5 HIGH | ||
| WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field, causing the application to crash. | |||||
| CVE-2021-47835 | 2026-01-26 | N/A | 7.2 HIGH | ||
| Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remote code execution. | |||||
| CVE-2021-47823 | 2026-01-26 | N/A | 7.8 HIGH | ||
| Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup. | |||||
| CVE-2025-62291 | 2026-01-26 | N/A | 8.1 HIGH | ||
| In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow. | |||||
| CVE-2021-47818 | 2026-01-26 | N/A | 7.5 HIGH | ||
| DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10. | |||||
| CVE-2021-47837 | 2026-01-26 | N/A | 7.2 HIGH | ||
| Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution. | |||||
| CVE-2021-47845 | 2026-01-26 | N/A | 7.8 HIGH | ||
| Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted file paths in SpyEmergencyHealth.exe and SpyEmergencySrv.exe to inject malicious code during system startup or service restart. | |||||
| CVE-2025-51602 | 2026-01-26 | N/A | 4.8 MEDIUM | ||
| mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server. | |||||
| CVE-2025-24531 | 2026-01-26 | N/A | 6.7 MEDIUM | ||
| In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass. | |||||