Common Vulnerabilities and Exposures (CVE)

CVE-2020-22168

Jul 4, 2026 23:33:15 UTC

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVE-2021-31659

Jul 4, 2026 23:33:03 UTC

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious l...

CVE-2021-31673

Jul 4, 2026 23:32:54 UTC

A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.

CVE-2022-34530

Jul 4, 2026 23:32:50 UTC

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.

CVE-2020-25367

Jul 4, 2026 23:32:46 UTC

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.

CVE-2021-38268

Jul 4, 2026 23:32:42 UTC

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, ...

CVE-2022-23350

Jul 4, 2026 23:32:34 UTC

BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability.

CVE-2020-22552

Jul 4, 2026 23:32:30 UTC

The Snap7 server component in version 1.4.1, when an attacker sends a crafted packet with COTP protocol the last-data-unit flag set to No and S7 writes a var function, the Snap7 server will be crashed.

CVE-2022-26173

Jul 4, 2026 23:32:26 UTC

JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts.

CVE-2020-21731

Jul 4, 2026 23:32:22 UTC

Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the webapplication stores the injected code.

CVE-2020-28707

Jul 4, 2026 23:32:14 UTC

The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() even...

CVE-2022-25521

Jul 4, 2026 23:32:10 UTC

NUUO v03.11.00 was discovered to contain access control issue.

CVE-2022-38901

Jul 4, 2026 23:32:05 UTC

A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description fie...

CVE-2022-42116

Jul 4, 2026 23:31:57 UTC

A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject a...

CVE-2022-42113

Jul 4, 2026 23:31:53 UTC

A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redir...