Common Vulnerabilities and Exposures (CVE)

CVE-2021-45808

Jul 4, 2026 23:54:54 UTC

jpress v4.2.0 allows users to register an account by default. With that account, a user can upload arbitrary files to the server.

CVE-2021-35506

Jul 4, 2026 23:54:50 UTC

Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action.

CVE-2022-27461

Jul 4, 2026 23:54:46 UTC

In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.

CVE-2020-21839

Jul 4, 2026 23:54:42 UTC

An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to a memory leak in dwg_decode_eed ../../src/decode.c:3638.

CVE-2020-24841

Jul 4, 2026 23:54:38 UTC

PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying data...

CVE-2022-29649

Jul 4, 2026 23:54:34 UTC

Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability.

CVE-2021-31674

Jul 4, 2026 23:54:30 UTC

Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows a remote unauthenticated attacker to execute JavaScript code via an undefined enum constant.

CVE-2022-30023

Jul 4, 2026 23:54:26 UTC

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.

CVE-2021-29049

Jul 4, 2026 23:54:21 UTC

Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject ar...

CVE-2020-24285

Jul 4, 2026 23:54:17 UTC

INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx.

CVE-2020-35276

Jul 4, 2026 23:54:13 UTC

EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user.

CVE-2020-27388

Jul 4, 2026 23:54:08 UTC

Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issue...

CVE-2020-21843

Jul 4, 2026 23:54:04 UTC

A heap-based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.

CVE-2021-28993

Jul 4, 2026 23:53:59 UTC

Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is: obtain sensitive information (remote).

CVE-2021-37345

Jul 4, 2026 23:53:55 UTC

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.