Common Vulnerabilities and Exposures (CVE)

CVE-2021-28937

Jul 9, 2026 00:12:57 UTC

The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted on HTTP.

CVE-2021-28936

Jul 9, 2026 00:12:56 UTC

The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be changed by sending a specially crafted HTTP GET request. The administrator username has to be known (default:admin) whereas no previous aut...

CVE-2021-28927

Jul 9, 2026 00:12:55 UTC

The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that...

CVE-2021-28860

Jul 9, 2026 00:12:54 UTC

In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will p...

CVE-2021-28235

Jul 9, 2026 00:12:52 UTC

Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.

CVE-2021-27990

Jul 9, 2026 00:12:51 UTC

Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.

CVE-2021-27821

Jul 9, 2026 00:12:50 UTC

The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability.

CVE-2021-27715

Jul 9, 2026 00:12:49 UTC

An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request.

CVE-2021-27695

Jul 9, 2026 00:12:47 UTC

Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any "Add" sections, such as Add Card Building & Floor, or others in the Name and Code Parame...

CVE-2021-27676

Jul 9, 2026 00:12:46 UTC

Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. The dep_description (Dependency Description) and dep_name (Dependency Name) parameters are vulnerable to stored XSS. A user has to log in and go to the Conf...

CVE-2021-27332

Jul 9, 2026 00:12:45 UTC

Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the class_name parameter to update_class.php.

CVE-2021-27328

Jul 9, 2026 00:12:44 UTC

Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key.

CVE-2021-27132

Jul 9, 2026 00:12:42 UTC

SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.

CVE-2021-26787

Jul 9, 2026 00:12:41 UTC

A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur (during record deletion) via the Time-off parameter.

CVE-2021-26216

Jul 9, 2026 00:12:40 UTC

SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.