Common Vulnerabilities and Exposures (CVE)

CVE-2022-24644

Jul 4, 2026 23:44:23 UTC

ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse.

CVE-2020-28858

Jul 4, 2026 23:44:19 UTC

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions.

CVE-2021-41945

Jul 4, 2026 23:44:15 UTC

Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.

CVE-2021-42627

Jul 4, 2026 23:44:11 UTC

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication, which can lead to disclosure of information about WAN settings and also allow an attacker to modify the data f...

CVE-2022-38553

Jul 4, 2026 23:44:07 UTC

Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.

CVE-2022-24252

Jul 4, 2026 23:44:03 UTC

An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file.

CVE-2020-21819

Jul 4, 2026 23:43:58 UTC

A heap-based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:51.

CVE-2022-30078

Jul 4, 2026 23:43:53 UTC

NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary commands via shell metacharacters in the ipv6_fix...

CVE-2020-24914

Jul 4, 2026 23:43:49 UTC

A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.

CVE-2022-32385

Jul 4, 2026 23:43:45 UTC

Tenda AC23 v16.03.07.44 is vulnerable to a stack overflow that allows remote execution of arbitrary code.

CVE-2020-35274

Jul 4, 2026 23:43:41 UTC

DotCMS Add Template with admin panel 20.11 is affected by cross-site scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using...

CVE-2020-29477

Jul 4, 2026 23:43:37 UTC

Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject an XSS payload in Field Name, and each time any user opens it, the XSS triggers and the att...

CVE-2020-21732

Jul 4, 2026 23:43:33 UTC

Rukovoditel Project Management app 2.6 is affected by cross-site scripting (XSS). An attacker can add JavaScript code to the filename.

CVE-2022-28077

Jul 4, 2026 23:43:29 UTC

Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter.

CVE-2021-36668

Jul 4, 2026 23:43:25 UTC

URL injection in Druva inSync 6.9.0 for macOS allows attackers to force a visit to an arbitrary URL via the port parameter to the Electron App.