Export limit exceeded: 76307 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76307 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-58340 | 2 Langchain, Langchain-ai | 3 Langchain, Langchain Core, Langchain | 2026-03-05 | 7.5 High |
| LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). The parser applies a backtracking-prone regular expression when extracting tool actions from model output. An attacker who can supply or influence the parsed text (for example via prompt injection in downstream applications that pass LLM output directly into MRKLOutputParser.parse()) can trigger excessive CPU consumption by providing a crafted payload, causing significant parsing delays and a denial-of-service condition. | ||||
| CVE-2023-54333 | 2 Artlosk, Wordpress | 2 Social Share Buttons, Wordpress | 2026-03-05 | 8.2 High |
| Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entire database contents. | ||||
| CVE-2023-54331 | 1 Getoutline | 1 Outline | 2026-03-05 | 7.8 High |
| Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to inject malicious code that will be executed with LocalSystem permissions. | ||||
| CVE-2022-50939 | 1 E107 | 2 E107, E107 Cms | 2026-03-05 | 7.2 High |
| e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality (image.php) where the upload_caption parameter is not properly sanitized. An attacker with administrative privileges can use directory traversal sequences (../../../) in the upload_caption field to overwrite critical system files outside the intended upload directory. This can lead to complete compromise of the web application by overwriting configuration files, executable scripts, or other critical system components. The vulnerability was discovered by Hubert Wojciechowski and affects the image.php component in the admin interface. | ||||
| CVE-2022-50936 | 1 Wbce | 1 Wbce Cms | 2026-03-05 | 8.8 High |
| WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload. | ||||
| CVE-2022-50931 | 1 Teamspeak | 1 Teamspeak | 2026-03-05 | 7.8 High |
| TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3client_win32.exe with custom files to potentially gain SYSTEM or Administrator-level access. | ||||
| CVE-2022-50924 | 1 Privateinternetaccess | 2 Private Internet Access, Private Internet Access Vpn Client | 2026-03-05 | 8.4 High |
| Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup. | ||||
| CVE-2022-50923 | 1 Cobiansoft | 1 Cobian Backup | 2026-03-05 | 7.8 High |
| Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions during service startup. | ||||
| CVE-2022-50920 | 2 Sandboxie, Sandboxie-plus | 2 Sandboxie, Sandboxie | 2026-03-05 | 8.4 High |
| Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup. | ||||
| CVE-2022-50917 | 2 Proton, Protonvpn | 2 Protonvpn, Protonvpn | 2026-03-05 | 7.8 High |
| ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated privileges during service startup. | ||||
| CVE-2022-50916 | 1 E107 | 2 E107, E107 Cms | 2026-03-05 | 7.2 High |
| e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.php in the web application directory. | ||||
| CVE-2022-50915 | 1 Primera | 1 Ptpublisher | 2026-03-05 | 7.8 High |
| PTPublisher 2.3.4 contains an unquoted service path vulnerability in the PTProtect service that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Primera Technology\PTPublisher\UsbFlashDongleService.exe' to inject malicious executables and gain system-level access. | ||||
| CVE-2022-50907 | 1 E107 | 2 E107, E107 Cms | 2026-03-05 | 7.2 High |
| e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution through the Media Manager import feature. | ||||
| CVE-2022-50903 | 1 Wondershare | 1 Mobiletrans | 2026-03-05 | 8.4 High |
| Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path by placing malicious executables in specific filesystem locations that will be executed with LocalSystem permissions during service startup. | ||||
| CVE-2022-50901 | 1 Wondershare | 1 Dr.fone | 2026-03-05 | 8.4 High |
| Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that would run with LocalSystem privileges. | ||||
| CVE-2022-50900 | 1 Wondershare | 1 Dr.fone | 2026-03-05 | 8.4 High |
| Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup. | ||||
| CVE-2022-50806 | 1 4homepages | 1 4images | 2026-03-05 | 7.2 High |
| 4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php endpoint with a crafted cat_id parameter. | ||||
| CVE-2022-50805 | 1 Slims | 1 Senayan Library Management System | 2026-03-05 | 8.2 High |
| Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensitive information. | ||||
| CVE-2022-50693 | 1 Splashtop | 1 Splashtop | 2026-03-05 | 8.4 High |
| Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Updater Service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Splashtop\Splashtop Software Updater\ to inject malicious executables and escalate privileges. | ||||
| CVE-2021-47918 | 2 Simple-cms Project, Simplephpscripts | 3 Simple Cms, Simple Cms, Simple Cms Php | 2026-03-05 | 8.1 High |
| Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application. | ||||