Common Vulnerabilities and Exposures (CVE)

CVE-2022-36202

Jul 5, 2026 00:05:09 UTC

Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter.

CVE-2020-25368

Jul 5, 2026 00:05:05 UTC

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.

CVE-2020-21836

Jul 5, 2026 00:05:00 UTC

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175.

CVE-2022-38555

Jul 5, 2026 00:04:56 UTC

Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.

CVE-2022-22899

Jul 5, 2026 00:04:52 UTC

Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service.

CVE-2021-40906

Jul 5, 2026 00:04:48 UTC

CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and i...

CVE-2020-28859

Jul 5, 2026 00:04:44 UTC

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks.

CVE-2020-21883

Jul 5, 2026 00:04:40 UTC

Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover.

CVE-2022-28980

Jul 5, 2026 00:04:32 UTC

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.

CVE-2020-25515

Jul 5, 2026 00:04:28 UTC

Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books.

CVE-2020-22987

Jul 5, 2026 00:04:20 UTC

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.

CVE-2021-37291

Jul 5, 2026 00:04:15 UTC

An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.

CVE-2021-37292

Jul 5, 2026 00:04:11 UTC

An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdor account with admin highest privileges and obtain ...

CVE-2021-36512

Jul 5, 2026 00:04:07 UTC

An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which may allow attackers to view sensitive information due to an uninitialized value.

CVE-2021-42237

Jul 5, 2026 00:04:04 UTC

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required ...