Common Vulnerabilities and Exposures (CVE)

CVE-2022-24611

Jul 4, 2026 23:37:33 UTC

Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent...

CVE-2021-27332

Jul 4, 2026 23:37:29 UTC

Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the class_name parameter to update_class.php.

CVE-2020-21815

Jul 4, 2026 23:37:13 UTC

A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash).

CVE-2022-26644

Jul 4, 2026 23:37:05 UTC

Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management.

CVE-2022-28979

Jul 4, 2026 23:37:00 UTC

Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Fac...

CVE-2020-24036

Jul 4, 2026 23:36:56 UTC

PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.

CVE-2022-26281

Jul 4, 2026 23:36:48 UTC

BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.

CVE-2021-25299

Jul 4, 2026 23:36:44 UTC

Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when cli...

CVE-2022-29641

Jul 4, 2026 23:36:40 UTC

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attackers to cause a Denial...

CVE-2022-29005

Jul 4, 2026 23:36:36 UTC

Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or l...

CVE-2022-25089

Jul 4, 2026 23:36:32 UTC

Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData.

CVE-2020-21816

Jul 4, 2026 23:36:28 UTC

A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46.

CVE-2020-27509

Jul 4, 2026 23:36:19 UTC

Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'sub...

CVE-2022-30075

Jul 4, 2026 23:36:12 UTC

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.

CVE-2022-37251

Jul 4, 2026 23:36:00 UTC

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.