Common Vulnerabilities and Exposures (CVE)

CVE-2022-25020

Jul 5, 2026 00:02:40 UTC

A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.

CVE-2022-40028

Jul 5, 2026 00:02:28 UTC

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML vi...

CVE-2021-27328

Jul 5, 2026 00:02:24 UTC

Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key.

CVE-2022-28093

Jul 5, 2026 00:02:12 UTC

SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allow attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-27985

Jul 5, 2026 00:02:08 UTC

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.

CVE-2022-36271

Jul 5, 2026 00:02:04 UTC

Outbyte PC Repair Installation File 1.7.112.7856 is vulnerable to Dll Hijacking. iertutil.dll is missing so an attacker can use a malicious dll with same name and can get admin privileges.

CVE-2021-31627

Jul 5, 2026 00:01:59 UTC

Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter.

CVE-2022-40029

Jul 5, 2026 00:01:54 UTC

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML vi...

CVE-2020-27373

Jul 5, 2026 00:01:46 UTC

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE.

CVE-2021-41653

Jul 5, 2026 00:01:42 UTC

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.

CVE-2020-24175

Jul 5, 2026 00:01:38 UTC

Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling.

CVE-2017-15684

Jul 5, 2026 00:01:34 UTC

Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.

CVE-2022-26595

Jul 5, 2026 00:01:30 UTC

Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the ...

CVE-2021-43687

Jul 5, 2026 00:01:22 UTC

chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.

CVE-2021-34110

Jul 5, 2026 00:01:13 UTC

WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges.