Search Results (87011 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-54125 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-15 7.8 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-50501 1 Microsoft 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more 2026-07-15 7.8 High
Stack-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code locally.
CVE-2026-55021 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-15 7.3 High
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-54121 1 Microsoft 8 Windows 10 1607, Windows 10 1809, Windows Server 2012 and 5 more 2026-07-15 8.8 High
Improper authorization in Active Directory Certificate Services (AD CS) allows an authorized attacker to elevate privileges over a network.
CVE-2026-55033 1 Microsoft 11 365 Apps, Office 2019, Office 2021 and 8 more 2026-07-15 7.8 High
Integer overflow or wraparound in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-50354 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-15 7.1 High
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-50669 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-55045 1 Microsoft 11 365 Apps, Office 2016, Office 2019 and 8 more 2026-07-15 8.4 High
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-59793 1 Jetbrains 1 Teamcity 2026-07-15 8.8 High
In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration
CVE-2019-25695 1 R-project 1 R 2026-07-15 8.4 High
R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload is pasted into the Language for menus and messages field.
CVE-2023-7338 2 Commscope, Ruckusnetworks 58 Ruckus C110, Ruckus E510, Ruckus H320 and 55 more 2026-07-15 7.5 High
Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway mode is enabled. Attackers can exploit this vulnerability by sending specially crafted requests through the management interface to achieve arbitrary code execution on affected systems.
CVE-2023-54346 2 Backupbliss, Wordpress 3 Backup Migration, Wordpress Plugin Backup Migration, Wordpress 2026-07-15 7.5 High
WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps.
CVE-2022-50994 1 Draytek 1 Vigor 2960 2026-07-15 8.1 High
DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit unsanitized input passed to the otp_check.sh script to achieve remote code execution with web server privileges. Exploitation requires knowledge of a valid username and that the target account has MOTP authentication enabled.
CVE-2022-50992 1 Weaver 1 E-cology 2026-07-15 7.5 High
Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods. Attackers can exploit these methods without authentication to retrieve sensitive files including system configuration files and database credentials from the server. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-12-14 (UTC).
CVE-2022-50971 1 Malwarebytes 1 Malwarebytes 2026-07-15 7.8 High
Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem privileges during service startup or system reboot.
CVE-2022-50944 2 Aerocms Project, Megatkc 2 Aerocms, Aero Cms 2026-07-15 8.8 High
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=add_post parameter, and the uploaded files are executed by the server.
CVE-2021-47979 3 Miniorange, Wordpress, Wpbackitup 3 Backup And Restore, Wordpress, Backup And Restore Wordpress 2026-07-15 8.8 High
WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted file_name and folder_name parameters to delete arbitrary files from the WordPress installation directory.
CVE-2021-47941 2 Modalsurvey, Wordpress 3 Survey & Poll, Wordpress Survey And Poll, Wordpress 2026-07-15 8.2 High
WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wp_sap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database information including usernames, passwords, and other confidential data from the WordPress database.
CVE-2021-47903 2 Litespeed Technologies, Litespeedtech 2 Litespeed Web Server, Litespeed Web Server 2026-07-15 8.8 High
LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path traversal and bash command injection.
CVE-2021-47889 2 Cd-messenger Project, Softros Systems 2 Cd-messenger, Lan Messenger 2026-07-15 7.8 High
Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\' to inject malicious executables and escalate privileges.