Common Vulnerabilities and Exposures (CVE)

CVE-2021-35504

Jul 4, 2026 23:41:45 UTC

Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.

CVE-2022-36552

Jul 4, 2026 23:41:41 UTC

Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request.

CVE-2022-40030

Jul 4, 2026 23:41:37 UTC

SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php.

CVE-2022-37775

Jul 4, 2026 23:41:33 UTC

Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26-September-2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter.

CVE-2020-28856

Jul 4, 2026 23:41:29 UTC

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127....

CVE-2021-46010

Jul 4, 2026 23:41:25 UTC

Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations.

CVE-2022-36262

Jul 4, 2026 23:41:21 UTC

An issue was discovered in the website settings of taocms 3.0.2 that allows arbitrary PHP code to be injected by modifying config.php.

CVE-2022-26197

Jul 4, 2026 23:41:17 UTC

Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table.

CVE-2022-28978

Jul 4, 2026 23:41:12 UTC

Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3...

CVE-2022-26643

Jul 4, 2026 23:41:07 UTC

An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application.

CVE-2021-42872

Jul 4, 2026 23:41:00 UTC

TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code.

CVE-2022-28118

Jul 4, 2026 23:40:56 UTC

SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.

CVE-2022-28102

Jul 4, 2026 23:40:52 UTC

A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php.

CVE-2020-21834

Jul 4, 2026 23:40:48 UTC

A null pointer dereference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164.

CVE-2022-29004

Jul 4, 2026 23:40:44 UTC

Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.