Common Vulnerabilities and Exposures (CVE)

CVE-2022-25090

Jul 5, 2026 00:05:30 UTC

Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition.

CVE-2022-35201

Jul 5, 2026 00:05:27 UTC

Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability.

CVE-2021-29048

Jul 5, 2026 00:05:22 UTC

Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script ...

CVE-2021-46354

Jul 5, 2026 00:05:18 UTC

Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable se...

CVE-2022-35131

Jul 5, 2026 00:05:13 UTC

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles.

CVE-2022-36202

Jul 5, 2026 00:05:09 UTC

Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter.

CVE-2020-25368

Jul 5, 2026 00:05:05 UTC

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.

CVE-2020-21836

Jul 5, 2026 00:05:00 UTC

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175.

CVE-2022-38555

Jul 5, 2026 00:04:56 UTC

Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.

CVE-2022-22899

Jul 5, 2026 00:04:52 UTC

Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service.

CVE-2021-40906

Jul 5, 2026 00:04:48 UTC

CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and i...

CVE-2020-28859

Jul 5, 2026 00:04:44 UTC

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks.

CVE-2020-21883

Jul 5, 2026 00:04:40 UTC

Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover.

CVE-2022-28980

Jul 5, 2026 00:04:32 UTC

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.

CVE-2020-25515

Jul 5, 2026 00:04:28 UTC

Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books.