Common Vulnerabilities and Exposures (CVE)

CVE-2021-29005

Jul 4, 2026 23:33:59 UTC

Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.

CVE-2020-23546

Jul 4, 2026 23:33:50 UTC

IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at F...

CVE-2022-33009

Jul 4, 2026 23:33:47 UTC

A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file.

CVE-2021-31721

Jul 4, 2026 23:33:42 UTC

Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage.

CVE-2021-40904

Jul 4, 2026 23:33:36 UTC

The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful...

CVE-2020-21814

Jul 4, 2026 23:33:32 UTC

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97.

CVE-2021-35503

Jul 4, 2026 23:33:24 UTC

Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.

CVE-2021-29045

Jul 4, 2026 23:33:19 UTC

Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML vi...

CVE-2020-22168

Jul 4, 2026 23:33:15 UTC

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

CVE-2021-31659

Jul 4, 2026 23:33:03 UTC

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious l...

CVE-2021-31673

Jul 4, 2026 23:32:54 UTC

A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.

CVE-2022-34530

Jul 4, 2026 23:32:50 UTC

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.

CVE-2020-25367

Jul 4, 2026 23:32:46 UTC

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.

CVE-2021-38268

Jul 4, 2026 23:32:42 UTC

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, ...

CVE-2022-23350

Jul 4, 2026 23:32:34 UTC

BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability.