High
CVE-2020-37072
Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript p…
Tag: Remote Code Execution
All CVEs associated with "Remote Code Execution". Page 17/345 • 41310 CVEs.
Subscribe CVEs: RSS for “Remote Code Execution” · RSS (High+Critical only)
About “Remote Code Execution”
A curated feed of “Remote Code Execution”-related CVEs appears below. We currently track 41310 CVEs for this tag (all time). In the last 365 days, 4654 were published. Average CVSS is 8.3 (all time; 8.2 over 365d), and 86% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-434 - Unrestricted Upload of File with Dangerous Type, CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').
In our taxonomy this topic maps to a VERY HIGH impact class. Common exploitation patterns for this weakness can lead to very high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2026-02-03
Critical
CVE-2020-37071
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a maliciou…
Critical
CVE-2020-37070
CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code through crafted network packets. Attackers can exploit the vulnerability by sending a sp…
Critical
CVE-2020-37066
GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially craf…
Critical
CVE-2020-37065
StreamRipper32 version 2.6 contains a buffer overflow vulnerability in the Station/Song Section that allows attackers to overwrite memory by manipulating the SongPattern input. Attackers can craft a…
High
CVE-2019-25260
OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerab…
Medium
CVE-2025-65081
An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an un…
Medium
CVE-2025-65080
A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivi…
Medium
CVE-2025-65079
A heap-based buffer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code a…
Critical
CVE-2025-65078
An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code.
High
CVE-2025-65077
A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary cod…
High
CVE-2026-24149
NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may…
High
CVE-2026-25502
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, stack-based buffer overflow in i…
Critical
CVE-2026-25237
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of preg_replace() with the /e modifier in bug update email handling can enable PHP code execution…
High
CVE-2025-62673
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially…
High
CVE-2025-62405
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code vi…
High
CVE-2025-62404
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code vi…
High
CVE-2025-61983
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code vi…
High
CVE-2025-61944
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code vi…
High
CVE-2025-59487
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. T…
High
CVE-2025-59482
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code vi…
High
CVE-2025-58455
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code vi…
High
CVE-2025-58077
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code v…
High
CVE-2025-70560
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An atta…
Medium
CVE-2025-70559
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An at…
Critical
CVE-2025-69983
FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An atta…
Critical
CVE-2025-69981
FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arb…
Medium
CVE-2025-67189
A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is not properly validated, and the function concatenates…
Critical
CVE-2025-67186
TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cste_modules/firewall.so. The vulnerability occurs because the `url` parame…
High
CVE-2025-65875
An arbitrary file upload vulnerability in the AddFont() function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
Critical
CVE-2025-63624
SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imei_list.aspx file.
High
CVE-2020-37113
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute a…
High
CVE-2020-37102
Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the u…
High
CVE-2020-37100
Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquote…
High
CVE-2020-37099
Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the…
High
CVE-2020-37098
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquote…
High
CVE-2026-1730
The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OS_DataHub_Maps_Admin::add_file_and_ext' function in all versions up to,…
Critical
CVE-2026-24465
Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution.
High
CVE-2026-24694
The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the applicat…
High
CVE-2025-15556
Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically veri…
2026-02-02
Critical
CVE-2026-25142
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict __lookupGetter__ which can be used to obtain prototypes, which can be used for escaping the sandbox…
High
CVE-2026-25134
Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang pa…
High
CVE-2026-24051
OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The re…
Critical
CVE-2026-22778
vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns t…
Critical
CVE-2025-66480
Wildfire IM is an instant messaging and real-time audio/video solution. Prior to 1.4.3, a critical vulnerability exists in the im-server component related to the file upload functionality found in co…
High
CVE-2026-22223
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to…
High
CVE-2026-22222
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker t…
High
CVE-2026-22221
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to…
High
CVE-2026-0631
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacke…
High
CVE-2026-0630
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) and Archer AXE75 v1.0 allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation cou…
Medium
CVE-2026-1770
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting ma…
High
CVE-2025-14914
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading…
High
CVE-2026-1761
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit…
High
CVE-2025-10279
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with wri…
Critical
CVE-2024-5986
A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the `/3/Parse` endpoint to inject attacker-co…
Critical
CVE-2024-2356
A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_extension' endpoint of the parisneo/lollms-webui application, specifically within the `name` parameter of the `@router.post("/rein…
2026-02-01
High
CVE-2020-37064
EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the…
High
CVE-2020-37063
TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path…
High
CVE-2020-37062
DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicio…
High
CVE-2020-37061
BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquo…
High
CVE-2020-37055
SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service p…
High
CVE-2020-37048
Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can…
High
CVE-2020-37045
Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unq…
2026-01-30
Critical
CVE-2020-37052
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injecti…
Critical
CVE-2020-37050
Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious .m3l file with carefully constructed payload. Attackers can trigger t…
High
CVE-2020-37049
Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow th…
Critical
CVE-2020-37043
10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the…
High
CVE-2020-37042
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input fiel…
High
CVE-2020-37040
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the v…
High
CVE-2020-37036
RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious pay…
High
CVE-2020-37032
Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to sen…
High
CVE-2020-37031
Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. Attackers can craf…
High
CVE-2020-37029
FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with care…
High
CVE-2020-37028
Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. Attackers can cr…
High
CVE-2020-37025
Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. Attackers can craft a malic…
High
CVE-2020-37024
Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious p…
Critical
CVE-2026-25130
Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its functio…
Medium
CVE-2026-25129
PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a `.psysh.php` file from the Current Workin…
High
CVE-2025-62348
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of t…
High
CVE-2020-37060
Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit t…
High
CVE-2020-37030
Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted…
Critical
CVE-2026-1699
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while checking out and executing untrusted pull request code. This…
Critical
CVE-2026-0963
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution vi…
High
CVE-2026-0805
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path t…
2026-01-29
High
CVE-2026-25116
Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the `UserConfigController` allows any remote us…
High
CVE-2026-25063
gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution…
High
CVE-2026-25061
tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM e…
Critical
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Critical
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
High
CVE-2026-1457
An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buf…
Medium
CVE-2025-69749
Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker to execute arbitrary code.
High
CVE-2026-24780
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platfo…
High
CVE-2020-37017
CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary…
High
CVE-2020-37013
Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious pa…
Critical
CVE-2020-37012
Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious L…
Critical
CVE-2020-37010
BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload t…
High
CVE-2020-37009
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endp…
High
CVE-2020-37001
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Atta…
Critical
CVE-2020-37000
Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious WAV file with oversized payload. Attackers can lev…
2026-01-28
Critical
CVE-2026-24897
Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient val…
High
CVE-2026-24856
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue…
Medium
CVE-2026-24768
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect (open redirect) vulnerability exists in NocoDB’s login flow due to missing validation of t…
High
CVE-2025-68119
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom d…
High
CVE-2022-40620
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism.…
Critical
CVE-2025-57795
Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remo…
Critical
CVE-2025-57794
Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file ty…
High
CVE-2025-33220
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability…
High
CVE-2025-33219
NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might…
High
CVE-2025-33218
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. A successful exploit of this vulnerability m…
High
CVE-2025-33217
NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free. A successful exploit of this vulnerability might lead to code execution, escalation of pri…
Medium
CVE-2020-36973
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt…
High
CVE-2020-36971
Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License…
Critical
CVE-2020-36967
Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with…
High
CVE-2020-36965
docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious pay…
Critical
CVE-2020-36961
10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerability in exception handling that allows remote attackers to execute arbitrary code. Attackers can craft a malicious file w…
Critical
CVE-2026-1056
The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and includi…
High
CVE-2020-36991
ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the insecure ser…
High
CVE-2020-36989
ForensiT AppX Management Service 2.2.0.4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can e…
High
CVE-2020-36985
IP Watcher 3.0.0.30 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted bina…
High
CVE-2026-1400
The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the `rest_helpers_update_media_metadata`…