Export limit exceeded: 363719 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363719 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-50894 1 Viaviweb 1 Wallpaper Admin 2026-04-07 6.5 Medium
VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the img_id parameter. Attackers can send GET requests to edit_gallery_image.php with malicious img_id values to extract database information.
CVE-2022-50893 1 Viaviweb 1 Wallpaper Admin 2026-04-07 9.8 Critical
VIAVIWEB Wallpaper Admin 1.0 contains an unauthenticated remote code execution vulnerability in the image upload functionality. Attackers can upload a malicious PHP file through the add_gallery_image.php endpoint to execute arbitrary code on the server.
CVE-2022-50892 1 Viaviweb 1 Wallpaper Admin 2026-04-07 8.2 High
VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface.
CVE-2022-50891 2 Apple, Skyjos 7 Ipados, Iphone Os, Macos and 4 more 2026-04-07 5 Medium
Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary JavaScript in users' browsers.
CVE-2022-50890 2 Apple, Skyjos 7 Ipados, Iphone Os, Macos and 4 more 2026-04-07 7.5 High
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the device.
CVE-2022-50806 1 4homepages 1 4images 2026-04-07 7.2 High
4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php endpoint with a crafted cat_id parameter.
CVE-2021-47860 2 Get-simple, Getsimple-ce 2 Getsimplecms, Getsimple Cms 2026-04-07 5.3 Medium
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote code on the hosting server when an authenticated administrator visits the page.
CVE-2021-47830 2 Get-simple, Getsimple-ce 2 Getsimplecms, Getsimple Cms 2026-04-07 6.5 Medium
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.
CVE-2021-47812 1 Getgrav 2 Grav, Grav Cms 2026-04-07 9.8 Critical
GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with system command execution.
CVE-2021-47808 1 Cotonti 1 Cotonti Siena 2026-04-07 5.4 Medium
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.
CVE-2026-5663 1 Offis 1 Dcmtk 2026-04-07 7.3 High
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8. Applying a patch is the recommended action to fix this issue.
CVE-2021-47789 1 Yenkee 3 Hornet Gaming Mouse, Yms 3029, Yms 3029 Firmware 2026-04-07 7.5 High
Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows attackers to crash the system by sending oversized input. Attackers can exploit the driver by sending a 2000-byte buffer through DeviceIoControl to trigger a kernel-level system crash.
CVE-2021-47787 1 Totalav 1 Totalav 2026-04-07 7.8 High
TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration.
CVE-2021-47786 1 Redragon 29 Bm-4091, Bm-4091 Firmware, Gaming Mouse and 26 more 2026-04-07 7.5 High
Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows attackers to trigger a denial of service by sending malformed IOCTL requests. Attackers can send a crafted 2000-byte buffer with specific byte patterns to the REDRAGON_MOUSE device to crash the kernel driver.
CVE-2021-47783 1 Phpwcms 1 Phpwcms 2026-04-07 5.4 Medium
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.
CVE-2021-47779 1 Dolibarr 3 Dolibarr, Dolibarr Erp/crm, Dolibarr Erp\/crm 2026-04-07 5.4 Medium
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the text, potentially enabling privilege escalation.
CVE-2021-47778 1 Get-simple 1 Getsimplecms 2026-04-07 7.2 High
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server.
CVE-2021-47776 1 Umbraco 3 Umbraco, Umbraco Cms, Umbraco Forms 2026-04-07 5.3 Medium
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts.
CVE-2021-47755 1 Softlinkint 2 Oliver Library Server, Oliver V5 Library 2026-04-07 7.5 High
Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'fileName' parameter to download sensitive files from the server's filesystem.
CVE-2021-47754 1 Arunna 1 Arunna 2026-04-07 6.5 Medium
Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users into submitting the form.