Common Vulnerabilities and Exposures (CVE)

CVE-2022-24644

Jul 4, 2026 23:44:23 UTC

ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse.

CVE-2020-28858

Jul 4, 2026 23:44:19 UTC

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions.

CVE-2021-41945

Jul 4, 2026 23:44:15 UTC

Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.

CVE-2022-38553

Jul 4, 2026 23:44:07 UTC

Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.

CVE-2020-21819

Jul 4, 2026 23:43:58 UTC

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via htmlescape ../../programs/escape.c:51.

CVE-2022-30078

Jul 4, 2026 23:43:53 UTC

NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix...

CVE-2020-24914

Jul 4, 2026 23:43:49 UTC

A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.

CVE-2020-35274

Jul 4, 2026 23:43:41 UTC

DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using...

CVE-2020-29477

Jul 4, 2026 23:43:37 UTC

Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the att...

CVE-2020-21732

Jul 4, 2026 23:43:33 UTC

Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename.

CVE-2022-28077

Jul 4, 2026 23:43:29 UTC

Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter.

CVE-2021-36668

Jul 4, 2026 23:43:25 UTC

URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App.

CVE-2022-24992

Jul 4, 2026 23:43:21 UTC

A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal.

CVE-2020-21818

Jul 4, 2026 23:43:08 UTC

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48.

CVE-2021-42216

Jul 4, 2026 23:43:04 UTC

A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.