Common Vulnerabilities and Exposures (CVE)

CVE-2024-3884

Jan 13, 2026 22:56:01 UTC

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, t...

CVE-2020-36919

Jan 13, 2026 22:55:56 UTC

WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in victim's browser...

CVE-2023-54341

Jan 13, 2026 22:52:10 UTC

Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-control...

CVE-2023-54340

Jan 13, 2026 22:52:10 UTC

WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like OR '1'='1' a...

CVE-2023-54339

Jan 13, 2026 22:52:09 UTC

Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile...

CVE-2023-54338

Jan 13, 2026 22:52:09 UTC

Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malic...

CVE-2023-54337

Jan 13, 2026 22:52:08 UTC

Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trig...

CVE-2023-54336

Jan 13, 2026 22:52:08 UTC

Mediconta 3.7.27 contains an unquoted service path vulnerability in the servermedicontservice that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\me...

CVE-2023-54335

Jan 13, 2026 22:52:08 UTC

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands ...

CVE-2023-54334

Jan 13, 2026 22:52:07 UTC

Explorer32++ 1.3.5.531 contains a buffer overflow vulnerability in Structured Exception Handler (SEH) records that allows attackers to execute arbitrary code. Attackers can exploit the vulnerability by providing a long file name argument ov...

CVE-2023-54331

Jan 13, 2026 22:52:06 UTC

Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executabl...

CVE-2023-54330

Jan 13, 2026 22:52:05 UTC

Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets. Attackers can craft a specially designe...

CVE-2023-54329

Jan 13, 2026 22:52:05 UTC

Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially cra...

CVE-2023-54328

Jan 13, 2026 22:52:04 UTC

AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the denial of service and potentially exploit the...

CVE-2023-53984

Jan 13, 2026 22:52:04 UTC

Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured servi...