Common Vulnerabilities and Exposures (CVE)

CVE-2026-14688

Jul 5, 2026 01:00:12 UTC

A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. The affected element is an unknown function of the file /admin/login.php. The manipulation of the argument email leads to SQL injection. The attack may be in...

CVE-2024-41503

Jul 5, 2026 01:00:10 UTC

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Título" (title) inside the filter Save option in the "Busca" (search) function.

CVE-2024-41502

Jul 5, 2026 01:00:06 UTC

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observações" (observances) in the "Pessoas" (persons) section when creating or editing either a legal or a natural person.

CVE-2023-51142

Jul 5, 2026 01:00:00 UTC

An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information.

CVE-2023-47310

Jul 5, 2026 00:59:56 UTC

A misconfiguration in the default settings of MikroTik RouterOS 7, fixed in v7.14, allows incoming IPv6 UDP traceroute packets.

CVE-2023-47031

Jul 5, 2026 00:59:52 UTC

An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component.

CVE-2023-44915

Jul 5, 2026 00:59:48 UTC

A cross-site scripting (XSS) vulnerability in the component /Login.php of c3crm up to v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login_error parameter.

CVE-2025-45343

Jul 5, 2026 00:59:44 UTC

An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route.

CVE-2025-44619

Jul 5, 2026 00:59:40 UTC

Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.

CVE-2024-57529

Jul 5, 2026 00:59:36 UTC

Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.

CVE-2023-38952

Jul 5, 2026 00:59:32 UTC

Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session IDs are not validated for the type of user accessing the application by default. Privilege rest...

CVE-2025-45242

Jul 5, 2026 00:59:28 UTC

Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php.

CVE-2025-45236

Jul 5, 2026 00:59:24 UTC

A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter.

CVE-2025-28200

Jul 5, 2026 00:59:20 UTC

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the MAC address.

CVE-2025-25504

Jul 5, 2026 00:59:15 UTC

An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (in AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary c...