Common Vulnerabilities and Exposures (CVE)

CVE-2021-3294

Jul 4, 2026 23:45:26 UTC

CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. An attacker can steal a cookie to perform user redirection to a malicious website.

CVE-2021-40219

Jul 4, 2026 23:45:18 UTC

Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit a theme and perform server-side template injection, which leads to remote code execution.

CVE-2021-43160

Jul 4, 2026 23:45:14 UTC

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnose.

CVE-2021-28860

Jul 4, 2026 23:45:10 UTC

In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will p...

CVE-2026-14685

Jul 4, 2026 23:45:08 UTC

A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file src/main/java/org/HdrHistogram/AbstractHistogram.java of the component AbstractHistogram. Such manipulation...

CVE-2017-15683

Jul 4, 2026 23:45:06 UTC

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.

CVE-2022-22914

Jul 4, 2026 23:45:01 UTC

An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to view and download content in the upload directory via path traversal.

CVE-2021-45026

Jul 4, 2026 23:44:56 UTC

ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS).

CVE-2022-25022

Jul 4, 2026 23:44:53 UTC

A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content field of a blog post.

CVE-2021-28937

Jul 4, 2026 23:44:48 UTC

The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted on HTTP.

CVE-2022-36532

Jul 4, 2026 23:44:44 UTC

Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.

CVE-2021-46006

Jul 4, 2026 23:44:40 UTC

In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication.

CVE-2020-20426

Jul 4, 2026 23:44:36 UTC

S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.

CVE-2022-23321

Jul 4, 2026 23:44:32 UTC

A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0.

CVE-2021-45025

Jul 4, 2026 23:44:28 UTC

ASG technologies (A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie.