CVE-2021-47871 - Hestia Control Panel 1.3.2 - Arbitrary File Write
CVE ID : CVE-2021-47871
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the server.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47871
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the server.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47872 - SEO Panel < 4.9.0 - 'order_col' Blind SQL Injection
CVE ID : CVE-2021-47872
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by injecting malicious SQL code into the order column parameter.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47872
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by injecting malicious SQL code into the order column parameter.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47873 - VestaCP < 0.9.8-25 - Stored Cross-Site Scripting
CVE ID : CVE-2021-47873
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'v_interface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47873
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'v_interface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47874 - VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path
CVE ID : CVE-2021-47874
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem privileges during service startup or system reboot.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47874
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem privileges during service startup or system reboot.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47875 - GeoGebra CAS Calculator 6.0.631.0 - Denial of Service
CVE ID : CVE-2021-47875
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a payload with 8000 repeated characters and paste it into the calculator's input field to trigger an application crash.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47875
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a payload with 8000 repeated characters and paste it into the calculator's input field to trigger an application crash.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47876 - GeoGebra Classic 5.0.631.0-d - Denial of Service
CVE ID : CVE-2021-47876
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. Attackers can generate a large buffer of 800,000 repeated characters and paste it into the 'Entrada:' input field to trigger an application crash.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47876
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. Attackers can generate a large buffer of 800,000 repeated characters and paste it into the 'Entrada:' input field to trigger an application crash.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47877 - GeoGebra Graphing Calculato r 6.0.631.0 - Denial Of Service
CVE ID : CVE-2021-47877
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. Attackers can generate a payload of 8000 repeated characters to overwhelm the input field and cause the application to become unresponsive.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47877
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. Attackers can generate a payload of 8000 repeated characters to overwhelm the input field and cause the application to become unresponsive.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47878 - eBeam Education Suite 2.5.0.9 - 'eBeam Device Service' Unquoted Service Path
CVE ID : CVE-2021-47878
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem privileges during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47878
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem privileges during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47879 - eBeam Interactive Suite 3.6 - 'eBeam Stylus Driver' Unquoted Service Path
CVE ID : CVE-2021-47879
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Luidia\eBeam Stylus Driver\ to inject malicious executables that would run with LocalSystem permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47879
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Luidia\eBeam Stylus Driver\ to inject malicious executables that would run with LocalSystem permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47880 - Realtek Wireless LAN Utility 700.1631 - 'Realtek11nSU' Unquoted Service Path
CVE ID : CVE-2021-47880
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during application startup or system reboot.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47880
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during application startup or system reboot.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47882 - FreeLAN 2.2 - 'FreeLAN Service' Unquoted Service Path
CVE ID : CVE-2021-47882
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47882
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47883 - Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path
CVE ID : CVE-2021-47883
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47883
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47884 - Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path
CVE ID : CVE-2021-47884
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject malicious executables and escalate privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47884
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject malicious executables and escalate privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47886 - Pingzapper 2.3.1 - 'PingzapperSvc' Unquoted Service Path
CVE ID : CVE-2021-47886
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : Pingzapper 2.3.1 contains an unquoted service path vulnerability in the PingzapperSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Pingzapper\PZService.exe' to inject malicious executables and escalate privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47886
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : Pingzapper 2.3.1 contains an unquoted service path vulnerability in the PingzapperSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Pingzapper\PZService.exe' to inject malicious executables and escalate privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47887 - Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path
CVE ID : CVE-2021-47887
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : OKI Print Job Accounting 4.4.10 contains an unquoted service path vulnerability in the OkiJaSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Print Job Accounting\' to inject malicious executables and escalate privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47887
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : OKI Print Job Accounting 4.4.10 contains an unquoted service path vulnerability in the OkiJaSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Print Job Accounting\' to inject malicious executables and escalate privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66959 - Ollama Denial of Service Vulnerability
CVE ID : CVE-2025-66959
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66959
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66960 - Ollama GGUF Denial of Service
CVE ID : CVE-2025-66960
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66960
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69762 - Tenda AX3 Remote Code Execution Vulnerability
CVE ID : CVE-2025-69762
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the list parameter, which can cause memory corruption and enable remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-69762
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the list parameter, which can cause memory corruption and enable remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69763 - Tenda AX3 Stack Overflow Vulnerability
CVE ID : CVE-2025-69763
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, which can cause memory corruption and enable remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-69763
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, which can cause memory corruption and enable remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69766 - Tenda AX3 Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-69766
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which may result in memory corruption and remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-69766
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which may result in memory corruption and remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0834 - Logic Vulnerability on TP-Link Archer C20 and Archer AX53
CVE ID : CVE-2026-0834
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability.This issue affects Archer C20 v6.0 < V6_251031. Archer AX53 v1.0 < V1_251215
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0834
Published : Jan. 21, 2026, 6:16 p.m. | 45 minutes ago
Description : Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability.This issue affects Archer C20 v6.0 < V6_251031. Archer AX53 v1.0 < V1_251215
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...