CVE-2020-37064 - EPSON EasyMP Network Projection 2.81 - 'EMP_NSWLSV' Unquoted Service Path
Published: Sun, 01 Feb 2026 15:16:04 +0000
CVE ID : CVE-2020-37064
Published : Feb. 1, 2026, 3:16 p.m. | 4 hours, 46 minutes ago
Description : EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject malicious code that would execute with LocalSystem privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37063 - TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path
Published: Sun, 01 Feb 2026 15:16:04 +0000
CVE ID : CVE-2020-37063
Published : Feb. 1, 2026, 3:16 p.m. | 4 hours, 46 minutes ago
Description : TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37062 - DHCP Turbo 4.6.1298- 'DHCP Turbo 4' Unquoted Service Path
Published: Sun, 01 Feb 2026 15:16:04 +0000
CVE ID : CVE-2020-37062
Published : Feb. 1, 2026, 3:16 p.m. | 4 hours, 46 minutes ago
Description : DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37061 - BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path
Published: Sun, 01 Feb 2026 15:16:04 +0000
CVE ID : CVE-2020-37061
Published : Feb. 1, 2026, 3:16 p.m. | 4 hours, 46 minutes ago
Description : BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37055 - SpyHunter 4 - 'SpyHunter 4 Service' Unquoted Service Path
Published: Sun, 01 Feb 2026 15:16:04 +0000
CVE ID : CVE-2020-37055
Published : Feb. 1, 2026, 3:16 p.m. | 4 hours, 46 minutes ago
Description : SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37048 - Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' Unquoted Service Path
Published: Sun, 01 Feb 2026 15:16:03 +0000
CVE ID : CVE-2020-37048
Published : Feb. 1, 2026, 3:16 p.m. | 4 hours, 46 minutes ago
Description : Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would be run with the service's high-level system permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37047 - Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path
Published: Sun, 01 Feb 2026 15:16:03 +0000
CVE ID : CVE-2020-37047
Published : Feb. 1, 2026, 3:16 p.m. | 4 hours, 46 minutes ago
Description : Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37045 - NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path
Published: Sun, 01 Feb 2026 15:16:03 +0000
CVE ID : CVE-2020-37045
Published : Feb. 1, 2026, 3:16 p.m. | 4 hours, 46 minutes ago
Description : Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject malicious code that would execute with elevated LocalSystem privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37037 - AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path
Published: Sun, 01 Feb 2026 15:16:02 +0000
CVE ID : CVE-2020-37037
Published : Feb. 1, 2026, 3:16 p.m. | 4 hours, 46 minutes ago
Description : Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account permissions during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-54343 - QWE DL 2.0.1 Persistent XSS Vulnerability via Path Parameter
Published: Sun, 01 Feb 2026 13:15:58 +0000
CVE ID : CVE-2023-54343
Published : Feb. 1, 2026, 1:15 p.m. | 6 hours, 46 minutes ago
Description : QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading to session hijacking and application module manipulation.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50952 - Banco Guayaquil 8.0.0 Mobile iOS Cross-Site Scripting via Profile Name Input
Published: Sun, 01 Feb 2026 13:15:57 +0000
CVE ID : CVE-2022-50952
Published : Feb. 1, 2026, 1:15 p.m. | 6 hours, 46 minutes ago
Description : Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50951 - WiFi File Transfer 1.0.8 Persistent XSS via Web Server Input Validation
Published: Sun, 01 Feb 2026 13:15:57 +0000
CVE ID : CVE-2022-50951
Published : Feb. 1, 2026, 1:15 p.m. | 6 hours, 46 minutes ago
Description : WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infected file paths, potentially compromising user browser sessions.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50950 - Webile 1.0.1 Directory Traversal Vulnerability via Web Application
Published: Sun, 01 Feb 2026 13:15:57 +0000
CVE ID : CVE-2022-50950
Published : Feb. 1, 2026, 1:15 p.m. | 6 hours, 46 minutes ago
Description : Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50942 - Inciga Web 2.8.2 Client-Side Cross-Site Scripting via EventListener
Published: Sun, 01 Feb 2026 13:15:57 +0000
CVE ID : CVE-2022-50942
Published : Feb. 1, 2026, 1:15 p.m. | 6 hours, 46 minutes ago
Description : Inciga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacking and non-persistent phishing attacks.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50941 - BootCommerce 3.2.1 Persistent Cross-Site Scripting via Order Checkout
Published: Sun, 01 Feb 2026 13:15:57 +0000
CVE ID : CVE-2022-50941
Published : Feb. 1, 2026, 1:15 p.m. | 6 hours, 46 minutes ago
Description : BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking, phishing attacks, and application module manipulation.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50940 - Knap Advanced PHP Login 3.1.3 Persistent Cross-Site Scripting via Name Parameter
Published: Sun, 01 Feb 2026 13:15:57 +0000
CVE ID : CVE-2022-50940
Published : Feb. 1, 2026, 1:15 p.m. | 6 hours, 46 minutes ago
Description : Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially leading to session hijacking and persistent phishing attacks.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50797 - Stripe Green Downloads Wordpress Plugin 2.03 Persistent XSS via Settings
Published: Sun, 01 Feb 2026 13:15:56 +0000
CVE ID : CVE-2022-50797
Published : Feb. 1, 2026, 1:15 p.m. | 6 hours, 46 minutes ago
Description : Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and application module manipulation.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47921 - Free Photo & Video Vault 0.0.2 Directory Traversal Vulnerability via Web Request
Published: Sun, 01 Feb 2026 13:15:56 +0000
CVE ID : CVE-2021-47921
Published : Feb. 1, 2026, 1:15 p.m. | 6 hours, 46 minutes ago
Description : Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access unauthorized system paths.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47920 - WebMO Job Manager 20.0 Cross-Site Scripting via Search Parameters
Published: Sun, 01 Feb 2026 13:15:56 +0000
CVE ID : CVE-2021-47920
Published : Feb. 1, 2026, 1:15 p.m. | 6 hours, 46 minutes ago
Description : WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external redirects.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47919 - Simple CMS 2.1 Non-Persistent Cross-Site Scripting via Preview Parameter
Published: Sun, 01 Feb 2026 13:15:56 +0000
CVE ID : CVE-2021-47919
Published : Feb. 1, 2026, 1:15 p.m. | 6 hours, 46 minutes ago
Description : Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47918 - Simple CMS 2.1 SQL Injection Vulnerability via Users Module
Published: Sun, 01 Feb 2026 13:15:56 +0000
CVE ID : CVE-2021-47918
Published : Feb. 1, 2026, 1:15 p.m. | 6 hours, 46 minutes ago
Description : Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47917 - Simple CMS 2.1 Persistent Cross-Site Scripting via User Input Parameters
Published: Sun, 01 Feb 2026 13:15:56 +0000
CVE ID : CVE-2021-47917
Published : Feb. 1, 2026, 1:15 p.m. | 6 hours, 46 minutes ago
Description : Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to session hijacking and application manipulation.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47916 - Simple CMS 2.1 SQL Injection Vulnerability via Users Module
Published: Sun, 01 Feb 2026 13:15:55 +0000
CVE ID : CVE-2021-47916
Published : Feb. 1, 2026, 1:15 p.m. | 6 hours, 46 minutes ago
Description : Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47915 - PHP Melody 3.0 SQL Injection Vulnerability via Edit Video Parameter
Published: Sun, 01 Feb 2026 13:15:55 +0000
CVE ID : CVE-2021-47915
Published : Feb. 1, 2026, 1:15 p.m. | 6 hours, 46 minutes ago
Description : PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47914 - PHP Melody 3.0 Persistent XSS Vulnerability via Edit Video Parameter
Published: Sun, 01 Feb 2026 13:15:55 +0000
CVE ID : CVE-2021-47914
Published : Feb. 1, 2026, 1:15 p.m. | 6 hours, 46 minutes ago
Description : PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, persistent phishing, and manipulation of application modules.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
