Common Vulnerabilities and Exposures (CVE)

CVE-2022-37145

Jul 5, 2026 00:00:52 UTC

The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on t...

CVE-2021-25680

Jul 5, 2026 00:00:48 UTC

The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not pre...

CVE-2020-25493

Jul 5, 2026 00:00:44 UTC

Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility t...

CVE-2021-42877

Jul 5, 2026 00:00:36 UTC

TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.

CVE-2021-27132

Jul 5, 2026 00:00:28 UTC

SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.

CVE-2021-42631

Jul 5, 2026 00:00:16 UTC

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution.

CVE-2022-28977

Jul 5, 2026 00:00:07 UTC

HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward s...

CVE-2020-19961

Jul 5, 2026 00:00:00 UTC

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.

CVE-2021-46116

Jul 4, 2026 23:59:56 UTC

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code.

CVE-2021-38269

Jul 4, 2026 23:59:52 UTC

Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject a...

CVE-2020-27518

Jul 4, 2026 23:59:43 UTC

All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openvpn options to execute code as root/SYSTEM...

CVE-2020-21827

Jul 4, 2026 23:59:40 UTC

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379.

CVE-2022-23347

Jul 4, 2026 23:59:36 UTC

BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.

CVE-2021-43162

Jul 4, 2026 23:59:31 UTC

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagnose.

CVE-2022-25018

Jul 4, 2026 23:59:23 UTC

Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.