|
91
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can …
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-37234
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
92
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the fi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2020-37233
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
93
|
7.8 |
HIGH
Local
|
-
|
-
|
Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Atta…
New
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-37232
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
94
|
7.8 |
HIGH
Local
|
-
|
-
|
Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Atta…
New
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-37231
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
95
|
7.8 |
HIGH
Local
|
-
|
-
|
Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path…
New
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-37230
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
96
|
7.8 |
HIGH
Local
|
-
|
-
|
OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unqu…
New
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-37229
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
97
|
9.8 |
CRITICAL
Network
|
-
|
-
|
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retr…
New
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-37228
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
98
|
8.8 |
HIGH
Network
|
-
|
-
|
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-37227
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
99
|
- |
|
-
|
-
|
Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections.
The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject add…
New
|
CWE-93
CRLF Injection
|
CVE-2026-46719
|
2026-05-16 23:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
100
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ptrace: slightly saner 'get_dumpable()' logic
The 'dumpability' of a task is fundamentally about the memory image of
the task - t…
New
|
-
|
CVE-2026-46333
|
2026-05-16 22:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
