Common Vulnerabilities and Exposures (CVE)

CVE-2022-25523

Jul 4, 2026 23:38:32 UTC

TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request.

CVE-2021-29052

Jul 4, 2026 23:38:28 UTC

The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenti...

CVE-2021-29053

Jul 4, 2026 23:38:15 UTC

Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_...

CVE-2022-37144

Jul 4, 2026 23:38:11 UTC

The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to l...

CVE-2020-25466

Jul 4, 2026 23:38:07 UTC

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.

CVE-2017-15685

Jul 4, 2026 23:37:53 UTC

Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.

CVE-2020-23446

Jul 4, 2026 23:37:41 UTC

Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API

CVE-2021-42639

Jul 4, 2026 23:37:37 UTC

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization.

CVE-2022-24611

Jul 4, 2026 23:37:33 UTC

Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent...

CVE-2021-27332

Jul 4, 2026 23:37:29 UTC

Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the class_name parameter to update_class.php.

CVE-2020-21815

Jul 4, 2026 23:37:13 UTC

A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash).

CVE-2022-26644

Jul 4, 2026 23:37:05 UTC

Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management.

CVE-2022-28979

Jul 4, 2026 23:37:00 UTC

Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Fac...

CVE-2020-24036

Jul 4, 2026 23:36:56 UTC

PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.

CVE-2022-26281

Jul 4, 2026 23:36:48 UTC

BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.