Total
332166 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-37160 | 1 Microsoft | 1 Windows | 2026-02-10 | 6.2 Medium |
| SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access. | ||||
| CVE-2020-37161 | 1 Wedding Slideshow Studio | 1 Wedding Slideshow Studio | 2026-02-10 | 9.8 Critical |
| Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to run system commands like launching the calculator. | ||||
| CVE-2020-37162 | 1 Wedding Slideshow Studio | 1 Wedding Slideshow Studio | 2026-02-10 | 9.8 Critical |
| Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buffer overflow and execute commands through the registration key field. | ||||
| CVE-2025-57529 | 1 Youdatasum | 1 Cpas Audit Management System | 2026-02-10 | 9.8 Critical |
| YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could lead to unauthorized data access | ||||
| CVE-2020-37163 | 1 Quickdate | 1 Quickdate | 2026-02-10 | 8.2 High |
| QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject UNION-based SQL statements to extract database information including user credentials, database name, and system version. | ||||
| CVE-2020-37164 | 1 Celestial Software | 1 Absolutetelnet | 2026-02-10 | 6.2 Medium |
| AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license entry field to trigger an application crash. | ||||
| CVE-2020-37165 | 1 Celestial Software | 1 Absolutetelnet | 2026-02-10 | 6.2 Medium |
| AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license name field to trigger an application crash. | ||||
| CVE-2020-37166 | 1 Celestial Software | 1 Absolutetelnet | 2026-02-10 | 6.2 Medium |
| AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a 1000-byte buffer, causing the application to become unresponsive and terminate. | ||||
| CVE-2020-37170 | 1 Raimersoft | 1 Tapinradio | 2026-02-10 | 6.2 Medium |
| TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality. | ||||
| CVE-2020-37171 | 1 Raimersoft | 1 Tapinradio | 2026-02-10 | 6.2 Medium |
| TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality. | ||||
| CVE-2020-37079 | 1 Winftp Server | 1 Winftp Server | 2026-02-10 | 4.3 Medium |
| Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user account without proper authorization. | ||||
| CVE-2025-60865 | 1 Avanquest | 2 Driver Updater, Pc Helpsoft Driver Updater | 2026-02-10 | 7.8 High |
| Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component. | ||||
| CVE-2025-64093 | 1 Zenitel | 4 Icx500, Icx500 Firmware, Icx510 and 1 more | 2026-02-10 | 10 Critical |
| Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device. | ||||
| CVE-2025-14598 | 1 Cloudilyaerp | 1 Bet E-portal | 2026-02-10 | 9.8 Critical |
| BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. The vulnerability enables arbitrary SQL commands to be executed on the backend database. | ||||
| CVE-2025-67133 | 1 Heromotocorp | 2 Vida V1 Pro, Vida V1 Pro Firmware | 2026-02-10 | 7.5 High |
| An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to cause a denial of service via the BLE component | ||||
| CVE-2026-1478 | 1 Quatuor | 1 Evaluacion De Desempeno | 2026-02-10 | 7.5 High |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' and 'Id_evaluacion’ in ‘/evaluacion_hca_evalua.aspx’, could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. | ||||
| CVE-2026-1483 | 1 Quatuor | 1 Evaluacion De Desempeno | 2026-02-10 | 7.5 High |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacion_objetivos_ver_auto.aspx', could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. | ||||
| CVE-2026-1472 | 1 Quatuor | 1 Evaluacion De Desempeno | 2026-02-10 | 7.5 High |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'txAny' in '/evaluacion_competencias_autoeval_list.aspx', could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. | ||||
| CVE-2026-1473 | 1 Quatuor | 1 Evaluacion De Desempeno | 2026-02-10 | 7.5 High |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario’ in '/evaluacion_competencias_evalua.aspx', could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. | ||||
| CVE-2026-0817 | 2 Mediawiki, Wikimedia | 3 Mediawiki, Campaignevents, Mediawiki-campaignevents Extension | 2026-02-10 | 5.3 Medium |
| Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39. | ||||