Common Vulnerabilities and Exposures (CVE)

CVE-2020-21046

Jul 4, 2026 23:59:14 UTC

A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows authenticated non-administrative user to escalate their p...

CVE-2020-28727

Jul 4, 2026 23:59:09 UTC

Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid parameter to views/bootstrap/class.DropFolderChooser.php.

CVE-2020-29231

Jul 4, 2026 23:59:05 UTC

EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Profile Page. This vulnerability can result in the attacker injecting the XSS payload in Admin Full Name and each t...

CVE-2021-30109

Jul 4, 2026 23:59:00 UTC

Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module.

CVE-2021-36581

Jul 4, 2026 23:58:56 UTC

Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server.

CVE-2021-33425

Jul 4, 2026 23:58:53 UTC

A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation.

CVE-2022-38512

Jul 4, 2026 23:58:36 UTC

The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web co...

CVE-2021-35505

Jul 4, 2026 23:58:32 UTC

Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.

CVE-2020-29247

Jul 4, 2026 23:58:28 UTC

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the co...

CVE-2020-22986

Jul 4, 2026 23:58:20 UTC

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.

CVE-2021-29047

Jul 4, 2026 23:58:16 UTC

The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA c...

CVE-2021-42642

Jul 4, 2026 23:58:08 UTC

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer...

CVE-2021-29004

Jul 4, 2026 23:58:03 UTC

rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a websh...

CVE-2022-23346

Jul 4, 2026 23:57:58 UTC

BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.

CVE-2021-26215

Jul 4, 2026 23:57:54 UTC

SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.