8.5
CVE-2021-47810 - WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path
WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and escalโฆ
8.5
CVE-2021-47809 - Disk Sorter Enterprise 13.6.12 - 'Disk Sorter Enterprise' Unquoted Service Path
Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Enterprise\bin\disksrs.exe' to inject malicโฆ
5.1
CVE-2021-47808 - Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.
8.5
CVE-2021-47807 - Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path
Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious executabโฆ
8.5
CVE-2021-47806 - Dup Scout 13.5.28 - 'Multiple' Unquoted Service Path
Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Dup Scout Server\bin\dupscts.exe' to inject malicious executables anโฆ
8.5
CVE-2021-47805 - Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path
Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated Localโฆ
8.5
CVE-2021-47804 - Wise Care 365 5.6.7.568 - 'WiseBootAssistant' Unquoted Service Path
Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges when the service restaโฆ
8.5
CVE-2021-47803 - iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path
iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attackers to execute code with elevated privileges. Attackers can insert a malicious executable into the unquoted service path to run with LocalSystem privileges when the service restartโฆ
8.8
CVE-2021-47801 - Vianeos OctoPUS 5 - 'login_user' SQLi
Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to extraโฆ
6.9
CVE-2021-47800 - b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery (CSRF)
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit unauthorized changes to user profiles by tricking victims into loading a specially crafted webpage.