Lucene search
K

363816 matches found

NVD
NVD
added 2026/06/19 4:16 p.m.12 views

CVE-2026-12620

The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

4.6CVSS0.00242EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 4:16 p.m.13 views

CVE-2026-12622

The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

5.3CVSS0.00207EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 4:16 p.m.13 views

CVE-2017-20265

Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=comflipwall&task=click&wallid...

7.1CVSS0.00241EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.13 views

CVE-2017-20267

Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the categoryid parameter. Attackers can send GET requests to the events view with malicious SQL code in the categoryid parameter to extract sensiti...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.11 views

CVE-2017-20266

Joomla SP Movie Database 1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the searchword parameter. Attackers can send GET requests to the searchresults view with crafted SQL payloads in the...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.14 views

CVE-2026-12619

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting XSS. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

5.1CVSS0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 4:16 p.m.12 views

CVE-2017-20263

Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comfocalpoint, view=location, a...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.12 views

CVE-2017-20264

Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=comsponsorwall&task=click&wallid...

7.1CVSS0.00241EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.13 views

CVE-2017-20261

Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.12 views

CVE-2017-20259

Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comosdownloads&view=item&id=SQL to extract sensiti...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.13 views

CVE-2017-20258

Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=compofos&view=pofo&id=SQL ...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.14 views

CVE-2017-20260

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.11 views

CVE-2017-20255

Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=combookpro and view=popup parameter...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.13 views

CVE-2017-20262

Joomla! Component Ajax Quiz 1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cid parameter. Attackers can send GET requests to index.php with the option=comajaxquiz and view=ajaxquiz paramete...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.13 views

CVE-2017-20257

Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flagquestion task. Attackers can inject malicious SQL code via the stuquizid or flagquest parameters to manipulate database...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.17 views

CVE-2017-20256

Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter. Attackers can send GET requests to the component with crafted SQL payloads in the invite...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.12 views

CVE-2017-20254

Joomla! Component User Bench 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the userid parameter. Attackers can send GET requests to index.php with the option=comuserbench&view=detail&userid...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.15 views

CVE-2017-20253

Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari parameter. Attackers can craft requests to the component endpoint with SQL injection payloads to extrac...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.15 views

CVE-2017-20252

Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the plname parameter. Attackers can send GET requests to index.php with option=comnge&view=config and inject malicious SQL code in the plname paramet...

8.8CVSS0.00323EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 3:16 p.m.15 views

CVE-2026-21768

The compose-rich-editor library v1.0.0-rc14 used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations...

6.3CVSS0.00112EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 3:16 p.m.11 views

CVE-2026-49358

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, AbstractGenerator::$temporaryFiles is a public array, and removeTemporaryFiles — invoked from destruct and from a registered shutdown function — calls unlink on every entry without verifying...

3CVSS0.00112EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 3:16 p.m.11 views

CVE-2026-52910

In the Linux kernel, the following vulnerability has been resolved: bpf: Free reuseport cBPF prog after RCU grace period. Eulgyu Kim reported the splat below with a repro. 0 The repro sets up a UDP reuseport group with a cBPF prog and replaces it with a new one while another thread is sending a U...

7.8CVSS0.00103EPSS
Exploits0References11
NVD
NVD
added 2026/06/19 3:16 p.m.14 views

CVE-2026-52908

In the Linux kernel, the following vulnerability has been resolved: RDMA: During reregmr ensure that REREGACCESS is compatible If IBMRREREGACCESS changes from RO to RW then the umem has to be re-evaluated to ensure it is properly pinned as RW. Since the umem is hidden inside each driver's mr stru...

7.8CVSS0.00129EPSS
Exploits0References5
NVD
NVD
added 2026/06/19 3:16 p.m.11 views

CVE-2026-52909

In the Linux kernel, the following vulnerability has been resolved: ip6vti: set netnsimmutable on the fallback device. john1988 and Noam Rathaus reported that vti6initnet does not set the netnsimmutable flag on the per-netns fallback tunnel device ip6vti0. Other similar tunnel drivers like...

7.8CVSS0.0012EPSS
Exploits0References8
NVD
NVD
added 2026/06/19 3:16 p.m.11 views

CVE-2020-37254

Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot...

8.5CVSS0.0012EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 3:16 p.m.11 views

CVE-2023-54353

Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path directories. Attackers with write access to C:\ or subdirectories like C:\Program Files...

8.5CVSS0.0012EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 3:16 p.m.13 views

CVE-2020-37252

Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Attackers can place executable files in the unquoted service path directory to execute arbitrary code with...

8.5CVSS0.00121EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 3:16 p.m.13 views

CVE-2020-37253

Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Attackers can place malicious executables in the Program Files directory to be executed with LocalSystem privileges when the service starts...

8.5CVSS0.00109EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 3:16 p.m.11 views

CVE-2022-50971

Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem...

8.5CVSS0.00205EPSS
Exploits1References4
NVD
NVD
added 2026/06/19 3:16 p.m.10 views

CVE-2021-47985

Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges when the service...

8.5CVSS0.00115EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 3:16 p.m.13 views

CVE-2025-71326

AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that...

8.5CVSS0.00127EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 3:16 p.m.9 views

CVE-2016-20093

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that...

8.5CVSS0.0012EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 3:16 p.m.11 views

CVE-2016-20095

Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can place a malicious executable in the Program Files...

8.5CVSS0.00119EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 3:16 p.m.10 views

CVE-2019-25747

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrar...

8.5CVSS0.0012EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 3:16 p.m.10 views

CVE-2016-20094

AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root path that execute with elevated privileges during applicatio...

8.5CVSS0.00181EPSS
Exploits1References4
NVD
NVD
added 2026/06/19 3:16 p.m.9 views

CVE-2020-37250

TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can place a malicious executable in the Program Files directory path that will be executed during servi...

8.5CVSS0.00119EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 3:16 p.m.10 views

CVE-2020-37251

RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories to execute arbitrary code with LocalSystem privileges during service...

8.5CVSS0.00119EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 3:16 p.m.13 views

CVE-2016-20092

NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2ServiceNetdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or...

8.5CVSS0.0012EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 3:16 p.m.8 views

CVE-2016-20086

Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackupwebServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem...

8.5CVSS0.00114EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 3:16 p.m.10 views

CVE-2016-20088

Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or...

8.5CVSS0.0012EPSS
Exploits0References5
NVD
NVD
added 2026/06/19 3:16 p.m.11 views

CVE-2016-20090

Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevat...

8.5CVSS0.00122EPSS
Exploits0References5
NVD
NVD
added 2026/06/19 3:16 p.m.10 views

CVE-2016-20089

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be...

8.5CVSS0.00122EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 3:16 p.m.11 views

CVE-2016-20087

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during...

8.5CVSS0.0012EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 3:16 p.m.14 views

CVE-2016-20091

Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted path directories that the wfcs.exe service will execute with...

8.5CVSS0.00113EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 3:16 p.m.11 views

CVE-2016-20085

Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute...

8.5CVSS0.00114EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 2:16 p.m.11 views

CVE-2026-4027

A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 and R2 that could allow unauthorized access to attachment files due to insufficient access control...

7.1CVSS0.00207EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 2:16 p.m.12 views

CVE-2026-9142

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions...

9.3CVSS0.00308EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 2:16 p.m.12 views

CVE-2026-9143

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions...

6.3CVSS0.0018EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 2:16 p.m.14 views

CVE-2026-4026

A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 that could allow an authenticated user with read-only access to account settings to escalate their privileges to Administrator level...

8.7CVSS0.00255EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 2:16 p.m.10 views

CVE-2026-49230

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

9.1CVSS0.00224EPSS
Exploits0References2
Total number of security vulnerabilities363816