Common Vulnerabilities and Exposures (CVE)

CVE-2021-36668

Jul 4, 2026 23:43:25 UTC

URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App.

CVE-2022-24992

Jul 4, 2026 23:43:21 UTC

A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal.

CVE-2020-21818

Jul 4, 2026 23:43:08 UTC

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48.

CVE-2021-42216

Jul 4, 2026 23:43:04 UTC

A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.

CVE-2021-43159

Jul 4, 2026 23:43:00 UTC

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common..

CVE-2021-42638

Jul 4, 2026 23:42:56 UTC

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution.

CVE-2020-26679

Jul 4, 2026 23:42:51 UTC

vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other users profile information or profile picture. After receiving any user's unique identification number and their ...

CVE-2020-24913

Jul 4, 2026 23:42:43 UTC

A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.

CVE-2021-44087

Jul 4, 2026 23:42:38 UTC

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload.

CVE-2021-36582

Jul 4, 2026 23:42:30 UTC

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can b...

CVE-2022-37146

Jul 4, 2026 23:42:22 UTC

The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users confi...

CVE-2020-23630

Jul 4, 2026 23:42:10 UTC

A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection).

CVE-2021-38265

Jul 4, 2026 23:42:06 UTC

Cross-site scripting (XSS) vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allow remote attackers to inject arbitrary web script or HTML when creating a collection page via the _com_liferay_asset_list_web_portlet_Ass...

CVE-2021-36666

Jul 4, 2026 23:42:01 UTC

An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission.

CVE-2021-45783

Jul 4, 2026 23:41:53 UTC

Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information.