Common Vulnerabilities and Exposures (CVE)

CVE-2020-21831

Jul 5, 2026 00:06:31 UTC

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.

CVE-2020-20425

Jul 5, 2026 00:06:27 UTC

S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.

CVE-2022-23383

Jul 5, 2026 00:06:23 UTC

YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnera...

CVE-2022-25590

Jul 5, 2026 00:06:13 UTC

SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application.

CVE-2022-27260

Jul 5, 2026 00:06:05 UTC

An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file.

CVE-2022-27262

Jul 5, 2026 00:05:59 UTC

An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file.

CVE-2020-20586

Jul 5, 2026 00:05:51 UTC

A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.

CVE-2021-42951

Jul 5, 2026 00:05:47 UTC

A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, the...

CVE-2020-28861

Jul 5, 2026 00:05:43 UTC

OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the a...

CVE-2021-41672

Jul 5, 2026 00:05:35 UTC

PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrive ...

CVE-2022-25090

Jul 5, 2026 00:05:30 UTC

Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition.

CVE-2022-35201

Jul 5, 2026 00:05:27 UTC

Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability.

CVE-2021-29048

Jul 5, 2026 00:05:22 UTC

Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script ...

CVE-2021-46354

Jul 5, 2026 00:05:18 UTC

Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable se...

CVE-2022-35131

Jul 5, 2026 00:05:13 UTC

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles.