Common Vulnerabilities and Exposures (CVE)

CVE-2021-26787

Jul 5, 2026 00:07:08 UTC

A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur (during record deletion) via the Time-off parameter.

CVE-2022-23352

Jul 5, 2026 00:06:58 UTC

An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).

CVE-2022-26646

Jul 5, 2026 00:06:50 UTC

Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter.

CVE-2021-46117

Jul 5, 2026 00:06:39 UTC

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.

CVE-2021-42875

Jul 5, 2026 00:06:34 UTC

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin.

CVE-2020-21831

Jul 5, 2026 00:06:31 UTC

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.

CVE-2020-20425

Jul 5, 2026 00:06:27 UTC

S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.

CVE-2022-23383

Jul 5, 2026 00:06:23 UTC

YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnera...

CVE-2022-25590

Jul 5, 2026 00:06:13 UTC

SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application.

CVE-2022-27260

Jul 5, 2026 00:06:05 UTC

An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file.

CVE-2022-27262

Jul 5, 2026 00:05:59 UTC

An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file.

CVE-2020-20586

Jul 5, 2026 00:05:51 UTC

A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.

CVE-2021-42951

Jul 5, 2026 00:05:47 UTC

A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, the...

CVE-2020-28861

Jul 5, 2026 00:05:43 UTC

OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the a...

CVE-2021-41672

Jul 5, 2026 00:05:35 UTC

PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrive ...