Common Vulnerabilities and Exposures (CVE)

CVE-2020-36012

Jul 4, 2026 23:42:18 UTC

Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.

CVE-2022-28986

Jul 4, 2026 23:42:14 UTC

LMS Doctor Simple 2 Factor Authentication Plugin for Moodle (affected: 2021072900) has an insecure direct object reference (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone numb...

CVE-2020-23630

Jul 4, 2026 23:42:10 UTC

A time-based blind SQL injection vulnerability (cookie injection) exists in zzcms ver201910.

CVE-2021-38265

Jul 4, 2026 23:42:06 UTC

Cross-site scripting (XSS) vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allows remote attackers to inject arbitrary web script or HTML when creating a collection page via the _com_liferay_asset_list_web_portlet_Ass...

CVE-2021-36666

Jul 4, 2026 23:42:01 UTC

An issue in Druva 6.9.0 for macOS allows attackers to gain escalated local privileges via the inSyncDecommission.

CVE-2021-43712

Jul 4, 2026 23:41:57 UTC

Stored XSS in the Add New Employee form in Sourcecodester Employee Daily Task Management System 1.0 allows a remote attacker to inject/store arbitrary code via the Name field.

CVE-2021-45783

Jul 4, 2026 23:41:53 UTC

Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information.

CVE-2020-19964

Jul 4, 2026 23:41:49 UTC

A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.

CVE-2021-35504

Jul 4, 2026 23:41:45 UTC

Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.

CVE-2022-36552

Jul 4, 2026 23:41:41 UTC

Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request.

CVE-2022-40030

Jul 4, 2026 23:41:37 UTC

SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php.

CVE-2022-37775

Jul 4, 2026 23:41:33 UTC

Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26-September-2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter.

CVE-2020-28856

Jul 4, 2026 23:41:29 UTC

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127....

CVE-2021-46010

Jul 4, 2026 23:41:25 UTC

Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations.

CVE-2022-36262

Jul 4, 2026 23:41:21 UTC

An issue was discovered in the website settings of taocms 3.0.2 that allows arbitrary PHP code to be injected by modifying config.php.