Common Vulnerabilities and Exposures (CVE)

CVE-2022-35192

Jul 4, 2026 23:42:47 UTC

D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp.

CVE-2020-24913

Jul 4, 2026 23:42:43 UTC

A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.

CVE-2021-44087

Jul 4, 2026 23:42:38 UTC

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP file via photo upload.

CVE-2022-30426

Jul 4, 2026 23:42:34 UTC

There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attacker could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack contro...

CVE-2021-36582

Jul 4, 2026 23:42:30 UTC

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can b...

CVE-2021-34201

Jul 4, 2026 23:42:27 UTC

D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing...

CVE-2022-37146

Jul 4, 2026 23:42:22 UTC

The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users confi...

CVE-2020-36012

Jul 4, 2026 23:42:18 UTC

Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.

CVE-2022-28986

Jul 4, 2026 23:42:14 UTC

LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an insecure direct object reference (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone numb...

CVE-2020-23630

Jul 4, 2026 23:42:10 UTC

A time-based blind SQL injection vulnerability exists in zzcms ver201910 (cookie injection).

CVE-2021-38265

Jul 4, 2026 23:42:06 UTC

Cross-site scripting (XSS) vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allows remote attackers to inject arbitrary web script or HTML when creating a collection page via the _com_liferay_asset_list_web_portlet_Ass...

CVE-2021-36666

Jul 4, 2026 23:42:01 UTC

An issue discovered in Druva 6.9.0 for macOS allows attackers to gain escalated local privileges via the inSyncDecommission.

CVE-2021-43712

Jul 4, 2026 23:41:57 UTC

Stored XSS in the Add New Employee form in Sourcecodester Employee Daily Task Management System 1.0 allows a remote attacker to inject/store arbitrary code via the Name field.

CVE-2021-45783

Jul 4, 2026 23:41:53 UTC

Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information.

CVE-2020-19964

Jul 4, 2026 23:41:49 UTC

A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.