CVE-2020-37154 - eLection 2.0 - 'id' SQL Injection
CVE ID : CVE-2020-37154
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploading backdoor files to the web application directory.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37154
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploading backdoor files to the web application directory.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37155 - Core FTP Lite 1.3 - Denial of Service (PoC)
CVE ID : CVE-2020-37155
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte payload of repeated 'A' characters to trigger an application crash without requiring additional interaction.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37155
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte payload of repeated 'A' characters to trigger an application crash without requiring additional interaction.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37157 - DBPower C300 HD Camera - Remote Configuration Disclosure
CVE ID : CVE-2020-37157
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37157
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37159 - Cuckoo Clock 5.0 - Buffer Overflow
CVE ID : CVE-2020-37159
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37159
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37160 - SprintWork 2.3.1 - Local Privilege Escalation
CVE ID : CVE-2020-37160
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37160
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37161 - Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow
CVE ID : CVE-2020-37161
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to run system commands like launching the calculator.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37161
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to run system commands like launching the calculator.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37162 - Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow
CVE ID : CVE-2020-37162
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buffer overflow and execute commands through the registration key field.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37162
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buffer overflow and execute commands through the registration key field.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37163 - QuickDate 1.3.2 - SQL Injection
CVE ID : CVE-2020-37163
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject UNION-based SQL statements to extract database information including user credentials, database name, and system version.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37163
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject UNION-based SQL statements to extract database information including user credentials, database name, and system version.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37164 - AbsoluteTelnet 11.12 - "license entry" Denial of Service
CVE ID : CVE-2020-37164
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license entry field to trigger an application crash.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37164
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license entry field to trigger an application crash.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37165 - AbsoluteTelnet 11.12 - "license name" Denial of Service
CVE ID : CVE-2020-37165
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license name field to trigger an application crash.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37165
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license name field to trigger an application crash.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37166 - AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service
CVE ID : CVE-2020-37166
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a 1000-byte buffer, causing the application to become unresponsive and terminate.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37166
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a 1000-byte buffer, causing the application to become unresponsive and terminate.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37170 - TapinRadio 2.12.3 - 'address' Denial of Service
CVE ID : CVE-2020-37170
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37170
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37171 - TapinRadio 2.12.3 - 'username' Denial of Service
CVE ID : CVE-2020-37171
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37171
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2071 - UTT 进取 520W formP2PLimitConfig strcpy buffer overflow
CVE ID : CVE-2026-2071
Published : Feb. 7, 2026, 1:15 a.m. | 3 hours, 39 minutes ago
Description : A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2071
Published : Feb. 7, 2026, 1:15 a.m. | 3 hours, 39 minutes ago
Description : A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2074 - O2OA HTTP POST Request check xml external entity reference
CVE ID : CVE-2026-2074
Published : Feb. 7, 2026, 4:02 a.m. | 53 minutes ago
Description : A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2074
Published : Feb. 7, 2026, 4:02 a.m. | 53 minutes ago
Description : A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31990 - HCL DevOps Velocity is susceptible to a Denial of Service vulnerability
CVE ID : CVE-2025-31990
Published : Feb. 7, 2026, 4:15 a.m. | 39 minutes ago
Description : Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users. This vulnerability is fixed in 5.1.7.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31990
Published : Feb. 7, 2026, 4:15 a.m. | 39 minutes ago
Description : Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users. This vulnerability is fixed in 5.1.7.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25837 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2026-25837
Published : Feb. 7, 2026, 4:15 a.m. | 39 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25837
Published : Feb. 7, 2026, 4:15 a.m. | 39 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25838 - Apache HTTP Server Incorrect Error Handling
CVE ID : CVE-2026-25838
Published : Feb. 7, 2026, 4:15 a.m. | 39 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25838
Published : Feb. 7, 2026, 4:15 a.m. | 39 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25839 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2026-25839
Published : Feb. 7, 2026, 4:15 a.m. | 39 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25839
Published : Feb. 7, 2026, 4:15 a.m. | 39 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25840 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2026-25840
Published : Feb. 7, 2026, 4:15 a.m. | 39 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25840
Published : Feb. 7, 2026, 4:15 a.m. | 39 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25841 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2026-25841
Published : Feb. 7, 2026, 4:15 a.m. | 39 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25841
Published : Feb. 7, 2026, 4:15 a.m. | 39 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...