Common Vulnerabilities and Exposures (CVE)

CVE-2021-26215

Jul 9, 2026 00:12:39 UTC

SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.

CVE-2021-25878

Jul 9, 2026 00:12:38 UTC

AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administr...

CVE-2021-25877

Jul 9, 2026 00:12:36 UTC

AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php.

CVE-2021-25876

Jul 9, 2026 00:12:35 UTC

AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator.

CVE-2021-25875

Jul 9, 2026 00:12:34 UTC

AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an...

CVE-2021-25874

Jul 9, 2026 00:12:33 UTC

AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes.

CVE-2021-25681

Jul 9, 2026 00:12:31 UTC

AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary ...

CVE-2021-25680

Jul 9, 2026 00:12:30 UTC

The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not pre...

CVE-2021-25679

Jul 9, 2026 00:12:29 UTC

The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have no...

CVE-2021-25299

Jul 9, 2026 00:12:28 UTC

Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when cli...

CVE-2021-25298

Jul 9, 2026 00:12:26 UTC

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled inp...

CVE-2021-25297

Jul 9, 2026 00:12:25 UTC

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input b...

CVE-2021-25296

Jul 9, 2026 00:12:24 UTC

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled...

CVE-2020-36012

Jul 9, 2026 00:12:23 UTC

Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.

CVE-2020-36011

Jul 9, 2026 00:12:21 UTC

A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field.