Common Vulnerabilities and Exposures (CVE)

CVE-2020-19964

Jul 4, 2026 23:41:49 UTC

A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.

CVE-2021-35504

Jul 4, 2026 23:41:45 UTC

Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.

CVE-2022-40030

Jul 4, 2026 23:41:37 UTC

SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php.

CVE-2022-37775

Jul 4, 2026 23:41:33 UTC

Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26- September- 2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter.

CVE-2020-28856

Jul 4, 2026 23:41:29 UTC

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127....

CVE-2022-36262

Jul 4, 2026 23:41:21 UTC

An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.

CVE-2022-26197

Jul 4, 2026 23:41:17 UTC

Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table.

CVE-2022-28978

Jul 4, 2026 23:41:12 UTC

Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3...

CVE-2021-42872

Jul 4, 2026 23:41:00 UTC

TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code.

CVE-2022-28118

Jul 4, 2026 23:40:56 UTC

SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.

CVE-2022-28102

Jul 4, 2026 23:40:52 UTC

A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php.

CVE-2020-21834

Jul 4, 2026 23:40:48 UTC

A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164.

CVE-2022-29004

Jul 4, 2026 23:40:44 UTC

Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.

CVE-2022-32450

Jul 4, 2026 23:40:40 UTC

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there.

CVE-2021-36460

Jul 4, 2026 23:40:36 UTC

VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows a...