Common Vulnerabilities and Exposures (CVE)

CVE-2022-33047

Jul 4, 2026 23:35:13 UTC

OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c.

CVE-2022-29704

Jul 4, 2026 23:35:09 UTC

BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability.

CVE-2021-42635

Jul 4, 2026 23:35:05 UTC

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution.

CVE-2022-40123

Jul 4, 2026 23:35:01 UTC

mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system.

CVE-2020-23450

Jul 4, 2026 23:34:57 UTC

Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization.

CVE-2022-34026

Jul 4, 2026 23:34:53 UTC

ICEcoder v8.1 allows attackers to execute a directory traversal.

CVE-2021-45806

Jul 4, 2026 23:34:48 UTC

jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.

CVE-2022-37700

Jul 4, 2026 23:34:44 UTC

Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig.

CVE-2020-26678

Jul 4, 2026 23:34:40 UTC

vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution...

CVE-2022-22901

Jul 4, 2026 23:34:36 UTC

There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9.

CVE-2021-42633

Jul 4, 2026 23:34:32 UTC

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records.

CVE-2020-22983

Jul 4, 2026 23:34:28 UTC

A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL tas...

CVE-2020-26680

Jul 4, 2026 23:34:24 UTC

In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other users profile information to include a cross-site scripting payload. The user data stored by the database includes HTML tags that are intentional...

CVE-2021-31624

Jul 4, 2026 23:34:19 UTC

Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter.

CVE-2020-28874

Jul 4, 2026 23:34:04 UTC

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).