Search Results (213480 CVEs found)

| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2022-21840 | 1: Microsoft | 10: 365 Apps, Excel, Office and 7 more | 2026-05-19 | 8.8 High | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2021-42293 | 1: Microsoft | 3: 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | 6.5 Medium | Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability |
| CVE-2021-42295 | 1: Microsoft | 3: 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | 5.5 Medium | Visual Basic for Applications Information Disclosure Vulnerability |
| CVE-2021-42296 | 1: Microsoft | 2: 365 Apps, Office Long Term Servicing Channel | 2026-05-19 | 7.8 High | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2021-43255 | 1: Microsoft | 3: 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | 5.5 Medium | Microsoft Office Trust Center Spoofing Vulnerability |
| CVE-2021-43256 | 1: Microsoft | 8: 365 Apps, Excel, Excel Rt and 5 more | 2026-05-19 | 7.8 High | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2021-43875 | 1: Microsoft | 3: 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | 7.8 High | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2018-10626 | 1: Medtronic | 4: Mycarelink 24950 Patient Monitor, Mycarelink 24950 Patient Monitor Firmware, Mycarelink 24952 Patient Monitor and 1 more | 2026-05-19 | 4.4 Medium | Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network. |
| CVE-2020-28271 | 1: Sharpred | 1: Deephas | 2026-05-19 | 9.8 Critical | Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2018-25330 | 1: Joomlaextensions | 1: Joomla! Extension Ekrishta | 2026-05-18 | 8.2 High | Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when users visit the profile, or submit SQL injection payloads via the phone_no parameter to the user_setting endpoint to manipulate database queries. |
| CVE-2018-25324 | 2: Simple Fields Project, Wordpress | 2: Simple Fields, Wordpress | 2026-05-18 | 6.2 Medium | Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wp_abspath values to simple_fields.php to include files like /etc/passwd or inject PHP code into Apache logs for remote code execution when allow_url_include is enabled. |
| CVE-2021-47981 | 1: Opensolution | 2: Quick.cms, Quick.cms.ext | 2026-05-18 | 5.4 Medium | Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute arbitrary JavaScript in victim browsers when the form is submitted. |
| CVE-2021-47969 | 1: Color-notes | 1: Color Notes | 2026-05-18 | 7.5 High | Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the application to stop responding. |
| CVE-2020-37243 | 3: Supsystic, Wordpress, Wpdarko | 3: Price Table, Wordpress, Responsive Pricing Table | 2026-05-18 | 8.2 High | Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and 'Edit HTML' fields that execute malicious scripts when viewing pricing tables. |
| CVE-2020-37237 | 1: Compo | 1: Composr Cms | 2026-05-18 | 6.4 Medium | Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner functionality, which execute for all website visitors when they access the home page. |
| CVE-2020-37231 | 1: Cybertronsoft | 1: Privacy Drive | 2026-05-18 | 7.8 High | Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Attackers can place malicious executables in the unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot. |
| CVE-2021-47971 | 1: My-notes-safe | 1: My Notes Safe | 2026-05-18 | 7.5 High | My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash. |
| CVE-2021-47954 | 1: Layerbb | 1: Layerbb | 2026-05-18 | 8.2 High | LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can send POST requests to /search.php with malicious search_query values using CASE WHEN statements to extract sensitive database information. |
| CVE-2020-37227 | 2: Heliossolutions, Wordpress | 2: Hs Brand Logo Slider, Wordpress | 2026-05-18 | 8.8 High | HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to executable extensions .php to achieve remote code execution. |
| CVE-2020-37233 | 2: Boonebgorges, Wordpress | 3: Buddypress Docs, Buddypress Cover, Wordpress | 2026-05-18 | 6.4 Medium | WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like onload that execute when administrators or privileged users preview or view the affected page content, enabling session hijacking and persistent phishing attacks. |