Common Vulnerabilities and Exposures (CVE)

CVE-2020-26678

Jul 4, 2026 23:34:40 UTC

vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution...

CVE-2022-22901

Jul 4, 2026 23:34:36 UTC

There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9.

CVE-2021-42633

Jul 4, 2026 23:34:32 UTC

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records.

CVE-2020-22983

Jul 4, 2026 23:34:28 UTC

A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL tas...

CVE-2020-26680

Jul 4, 2026 23:34:24 UTC

In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other users profile information to include a cross-site scripting payload. The user data stored by the database includes HTML tags that are intentional...

CVE-2021-31624

Jul 4, 2026 23:34:19 UTC

Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter.

CVE-2020-28874

Jul 4, 2026 23:34:04 UTC

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).

CVE-2021-29005

Jul 4, 2026 23:33:59 UTC

Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.

CVE-2020-23546

Jul 4, 2026 23:33:50 UTC

IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at F...

CVE-2022-33009

Jul 4, 2026 23:33:47 UTC

A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file.

CVE-2021-31721

Jul 4, 2026 23:33:42 UTC

Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage.

CVE-2021-40904

Jul 4, 2026 23:33:36 UTC

The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful...

CVE-2020-21814

Jul 4, 2026 23:33:32 UTC

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97.

CVE-2021-35503

Jul 4, 2026 23:33:24 UTC

Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.

CVE-2021-29045

Jul 4, 2026 23:33:19 UTC

Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML vi...