Export limit exceeded: 24482 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9808 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23852 | 2 B3log, Siyuan | 2 Siyuan, Siyuan | 2026-01-30 | 9.6 Critical |
| SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML attributes into the `icon` attribute of a block via the `/api/attr/setBlockAttrs` API. The payload is later rendered in the dynamic icon feature in an unsanitized context, leading to stored XSS and, in the desktop environment, potential remote code execution (RCE). This issue bypasses the previous fix for issue `#15970` (XSS → RCE via dynamic icons). Version 3.5.4 contains an updated fix. | ||||
| CVE-2020-37012 | 1 Ammarfaizi2 | 1 Tea Latex | 2026-01-30 | 9.8 Critical |
| Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious LaTeX payload with shell commands that are executed when processed by the application's tex2png API action. | ||||
| CVE-2020-37009 | 1 Meddream | 1 Pacs Server | 2026-01-30 | 8.8 High |
| MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated privileges. | ||||
| CVE-2020-37000 | 1 Cleanersoft | 1 Free Mp3 Cd Ripper | 2026-01-30 | 9.8 Critical |
| Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious WAV file with oversized payload. Attackers can leverage a specially crafted exploit file with shellcode, SEH bypass, and egghunter technique to achieve remote code execution on vulnerable Windows systems. | ||||
| CVE-2025-67325 | 1 Webkul | 1 Qloapps | 2026-01-30 | 9.8 Critical |
| Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows remote unauthenticated attackers to achieve remote code execution. | ||||
| CVE-2025-66913 | 1 Jeecg | 1 Jimureport | 2026-01-30 | 9.8 Critical |
| JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than CVE-2025-10770. | ||||
| CVE-2021-47788 | 1 Websitebaker | 1 Websitebaker | 2026-01-30 | 8.8 High |
| WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code execution on the server. | ||||
| CVE-2026-22793 | 2 5ire, Nanbingxyz | 2 5ire, 5ire | 2026-01-29 | 9.7 Critical |
| 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the renderer context. This can lead to Remote Code Execution (RCE) in environments where privileged APIs (such as Electron’s electron.mcp) are exposed, resulting in full compromise of the host system. Version 0.15.3 patches the issue. | ||||
| CVE-2020-36967 | 1 Zortam | 1 Mp3 Media Studio | 2026-01-29 | 9.8 Critical |
| Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with shellcode to trigger a structured exception handler (SEH) overwrite and execute arbitrary commands on the target system. | ||||
| CVE-2022-50919 | 1 Tdarr | 1 Tdarr | 2026-01-29 | 9.8 Critical |
| Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like `--help; curl .py | python` to execute remote code without authentication. | ||||
| CVE-2026-23592 | 1 Arubanetworks | 1 Fabric Composer | 2026-01-29 | 7.2 High |
| Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2026-1400 | 2 Tigroumeow, Wordpress | 2 Ai Engine – The Chatbot And Ai Framework For Wordpress, Wordpress | 2026-01-29 | 7.2 High |
| The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the `rest_helpers_update_media_metadata` function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The attacker can upload a benign image file, then use the `update_media_metadata` endpoint to rename it to a PHP file, creating an executable PHP file in the uploads directory. | ||||
| CVE-2021-47900 | 1 Gilacms | 1 Gila Cms | 2026-01-29 | 9.8 Critical |
| Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system commands by sending crafted requests to the admin endpoint. | ||||
| CVE-2020-36973 | 1 Michalc | 1 Pdw File Browser | 2026-01-29 | 6.5 Medium |
| PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path traversal techniques. | ||||
| CVE-2026-1056 | 2 2inc, Wordpress | 2 Snow Monkey Forms, Wordpress | 2026-01-29 | 9.8 Critical |
| The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2022-50898 | 1 Kalyan02 | 1 Nanocms | 2026-01-29 | 8.8 High |
| NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper input sanitization. | ||||
| CVE-2020-36911 | 1 Cobbr | 1 Covenant | 2026-01-29 | 9.8 Critical |
| Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system. | ||||
| CVE-2026-24478 | 1 Mintplexlabs | 2 Anything-llm, Anythingllm | 2026-01-28 | 7.2 High |
| AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.10.0, a critical Path Traversal vulnerability in the DrupalWiki integration allows a malicious admin (or an attacker who can convince an admin to configure a malicious DrupalWiki URL) to write arbitrary files to the server. This can lead to Remote Code Execution (RCE) by overwriting configuration files or writing executable scripts. Version 1.10.0 fixes the issue. | ||||
| CVE-2026-24480 | 1 Qgis | 1 Qgis | 2026-01-27 | 9.9 Critical |
| QGIS is a free, open source, cross platform geographical information system (GIS) The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it used the `pull_request_target` trigger and then checked out and executed untrusted pull request code in a privileged context. Workflows triggered by `pull_request_target` ran with the base repository's credentials and access to secrets. If these workflows then checked out and executed code from the head of an external pull request (which could have been attacker controlled), the attacker could have executed arbitrary commands with elevated privileges. This insecure pattern has been documented as a security risk by GitHub and security researchers. Commit 76a693cd91650f9b4e83edac525e5e4f90d954e9 removed the vulnerable code. | ||||
| CVE-2026-24344 | 1 Actions-micro | 2 Ezcast Pro Ii, Ezcast Pro Ii Firmware | 2026-01-27 | N/A |
| Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution | ||||