Common Vulnerabilities and Exposures (CVE)

CVE-2021-46354

Jul 5, 2026 00:05:18 UTC

Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable se...

CVE-2022-35131

Jul 5, 2026 00:05:13 UTC

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles.

CVE-2022-36202

Jul 5, 2026 00:05:09 UTC

Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter.

CVE-2020-25368

Jul 5, 2026 00:05:05 UTC

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.

CVE-2020-21836

Jul 5, 2026 00:05:00 UTC

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175.

CVE-2022-38555

Jul 5, 2026 00:04:56 UTC

Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.

CVE-2022-22899

Jul 5, 2026 00:04:52 UTC

Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service.

CVE-2021-40906

Jul 5, 2026 00:04:48 UTC

CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and i...

CVE-2020-28859

Jul 5, 2026 00:04:44 UTC

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks.

CVE-2020-21883

Jul 5, 2026 00:04:40 UTC

Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover.

CVE-2022-28980

Jul 5, 2026 00:04:32 UTC

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.

CVE-2020-25515

Jul 5, 2026 00:04:28 UTC

Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books.

CVE-2020-22987

Jul 5, 2026 00:04:20 UTC

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.

CVE-2021-37291

Jul 5, 2026 00:04:15 UTC

An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.

CVE-2021-37292

Jul 5, 2026 00:04:11 UTC

An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdor account with admin highest privileges and obtain ...