Common Vulnerabilities and Exposures (CVE)

CVE-2018-5354

Jul 4, 2026 23:35:56 UTC

The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not authenticate the intended ser...

CVE-2021-29041

Jul 4, 2026 23:35:52 UTC

Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password ...

CVE-2017-15681

Jul 4, 2026 23:35:48 UTC

In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.

CVE-2021-36665

Jul 4, 2026 23:35:44 UTC

An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon.

CVE-2021-26216

Jul 4, 2026 23:35:39 UTC

SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.

CVE-2021-41435

Jul 4, 2026 23:35:26 UTC

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX...

CVE-2021-25874

Jul 4, 2026 23:35:21 UTC

AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes.

CVE-2022-33047

Jul 4, 2026 23:35:13 UTC

OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c.

CVE-2022-29704

Jul 4, 2026 23:35:09 UTC

BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability.

CVE-2021-42635

Jul 4, 2026 23:35:05 UTC

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution.

CVE-2022-40123

Jul 4, 2026 23:35:01 UTC

mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system.

CVE-2020-23450

Jul 4, 2026 23:34:57 UTC

Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization.

CVE-2022-34026

Jul 4, 2026 23:34:53 UTC

ICEcoder v8.1 allows attackers to execute a directory traversal.

CVE-2021-45806

Jul 4, 2026 23:34:48 UTC

jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.

CVE-2022-37700

Jul 4, 2026 23:34:44 UTC

Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig.