Search

Search Results (364285 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-58340 2 Langchain, Langchain-ai 3 Langchain, Langchain Core, Langchain 2026-03-05 7.5 High
LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). The parser applies a backtracking-prone regular expression when extracting tool actions from model output. An attacker who can supply or influence the parsed text (for example via prompt injection in downstream applications that pass LLM output directly into MRKLOutputParser.parse()) can trigger excessive CPU consumption by providing a crafted payload, causing significant parsing delays and a denial-of-service condition.
CVE-2023-54341 2 Jokkedk, Webgrind Project 2 Webgrind, Webgrind 2026-03-05 6.1 Medium
Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-controlled inputs, allowing attackers to execute arbitrary JavaScript in victim's browsers by crafting malicious URLs.
CVE-2023-54339 2 Jokkedk, Webgrind Project 2 Webgrind, Webgrind 2026-03-05 9.8 Critical
Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27' to execute commands on the target system.
CVE-2023-54337 1 Sysax 1 Multi Server 2026-03-05 9.1 Critical
Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality.
CVE-2023-54332 1 Automattic 2 Jetpack, Jetpack Boost 2026-03-05 6.1 Medium
Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the post_id parameter. Attackers can craft malicious URLs with script payloads to execute arbitrary JavaScript in victims' browsers when they interact with the contact form page.
CVE-2023-54331 1 Getoutline 1 Outline 2026-03-05 7.8 High
Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to inject malicious code that will be executed with LocalSystem permissions.
CVE-2023-54330 2 Inbit, Yahoo 2 Inbit Messenger, Messenger 2026-03-05 9.8 Critical
Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets. Attackers can craft a specially designed payload targeting the messenger's network handler to overwrite the Structured Exception Handler (SEH) and execute shellcode on vulnerable Windows systems.
CVE-2023-54329 2 Inbit, Yahoo 2 Inbit Messenger, Messenger 2026-03-05 9.8 Critical
Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packets to port 10883 with a malicious payload to trigger the vulnerability and execute commands with system privileges.
CVE-2022-50936 1 Wbce 1 Wbce Cms 2026-03-05 8.8 High
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.
CVE-2022-50931 1 Teamspeak 1 Teamspeak 2026-03-05 7.8 High
TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3client_win32.exe with custom files to potentially gain SYSTEM or Administrator-level access.
CVE-2022-50923 1 Cobiansoft 1 Cobian Backup 2026-03-05 7.8 High
Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions during service startup.
CVE-2022-50919 1 Tdarr 1 Tdarr 2026-03-05 9.8 Critical
Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like `--help; curl .py | python` to execute remote code without authentication.
CVE-2022-50912 1 Impresscms 1 Impresscms 2026-03-05 9.8 Critical
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions .php2.php6.php7.phps.pht to execute arbitrary PHP code on the server.
CVE-2022-50910 2 Beehive Forum, Beehiveforum 2 Beehive Forum, Beehive Forum 2026-03-05 9.8 Critical
Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious host header to intercept password reset tokens and change victim account passwords without direct authentication.
CVE-2022-50903 1 Wondershare 1 Mobiletrans 2026-03-05 8.4 High
Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path by placing malicious executables in specific filesystem locations that will be executed with LocalSystem permissions during service startup.
CVE-2022-50901 1 Wondershare 1 Dr.fone 2026-03-05 8.4 High
Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that would run with LocalSystem privileges.
CVE-2022-50900 1 Wondershare 1 Dr.fone 2026-03-05 8.4 High
Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup.
CVE-2022-50897 3 Fkrauthan, Mpdf1, Mpdf Project 3 Wp-mpdf, Mpdf, Mpdf 2026-03-05 5.5 Medium
mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications.
CVE-2021-47919 2 Simple-cms Project, Simplephpscripts 3 Simple Cms, Simple Cms, Simple Cms Php 2026-03-05 6.4 Medium
Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks.
CVE-2021-47918 2 Simple-cms Project, Simplephpscripts 3 Simple Cms, Simple Cms, Simple Cms Php 2026-03-05 8.1 High
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.