Common Vulnerabilities and Exposures (CVE)

CVE-2020-35275

Jul 4, 2026 23:47:23 UTC

Coastercms v5.8.18 is affected by cross-site scripting (XSS). A user can steal a cookie and redirect the user to any malicious website because it is triggered on the main home page of the product/application.

CVE-2022-40027

Jul 4, 2026 23:47:14 UTC

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted p...

CVE-2020-29238

Jul 4, 2026 23:47:10 UTC

An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information, when the server is running as a reverse proxy, via a specially crafted request.

CVE-2020-29228

Jul 4, 2026 23:47:01 UTC

EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by SQL injection in the User Login Page.

CVE-2021-43161

Jul 4, 2026 23:46:57 UTC

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch.

CVE-2020-20950

Jul 4, 2026 23:46:45 UTC

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by mak...

CVE-2021-40650

Jul 4, 2026 23:46:41 UTC

In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set.

CVE-2020-21228

Jul 4, 2026 23:46:36 UTC

JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.

CVE-2020-21844

Jul 4, 2026 23:46:28 UTC

GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580.

CVE-2022-36526

Jul 4, 2026 23:46:19 UTC

D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin.

CVE-2020-20585

Jul 4, 2026 23:46:15 UTC

A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information.

CVE-2021-25878

Jul 4, 2026 23:46:06 UTC

AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross-Site Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administr...

CVE-2020-21842

Jul 4, 2026 23:45:55 UTC

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051.

CVE-2020-35273

Jul 4, 2026 23:45:51 UTC

EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any user's account.

CVE-2022-36530

Jul 4, 2026 23:45:46 UTC

An issue was discovered in rageframe2 2.6.37. There is an XSS vulnerability in the user-agent-related parameters of the info.php page.