Unknown · CVSS Not scored
EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user.
Published Dec 21, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user can steal a cookie and make the user redirect to any malicious website because it is trigged on the main home page of the product/application.
Published Dec 21, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS.
Published Dec 21, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any user's account.
Published Dec 21, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
Published Dec 30, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload.
Published Dec 24, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Profile Page. This vulnerability can result in the attacker injecting the XSS payload in Admin Full Name and each time admin visits the Profile page from the admin panel, the XSS triggers.
Published Dec 30, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Panel - Manage User tab using the Full Name of the user. This vulnerability can result in the attacker injecting the XSS payload in the User Registration section and each time admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
Published Dec 30, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by SQL injection in the User Login Page.
Published Dec 30, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS
Published Dec 24, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application.
Published Dec 14, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
OpenAssetDigital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection.
Published Dec 14, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks.
Published Dec 14, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions.
Published Dec 14, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
OpenAsset Digital Asset Management (DAM) through 12.0.19, does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks.
Published Dec 14, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls.
Published Dec 14, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid parameter to views/bootstrap/class.DropFolderChooser.php.
Published Dec 7, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application.
Published Dec 7, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
Published Dec 22, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
Published Dec 22, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter.
Published Dec 7, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Attackers can use the constructed program to increase user privileges
Published Dec 3, 2020 · Updated Jul 4, 2026
High · CVSS 7
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Published Dec 9, 2020 · Updated Jun 10, 2026
High · CVSS 7.4
Azure SDK for Java Security Feature Bypass Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
Medium · CVSS 4.3
Microsoft Edge for Android Spoofing Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
Medium · CVSS 5.4
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 8.1
Windows SMB Information Disclosure Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
Medium · CVSS 6.5
Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
Medium · CVSS 4.2
Chakra Scripting Engine Memory Corruption Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
Medium · CVSS 6.5
Microsoft Excel Security Feature Bypass Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 7.8
Microsoft Excel Remote Code Execution Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 7.8
Microsoft Excel Remote Code Execution Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 7.8
Microsoft Excel Remote Code Execution Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
Medium · CVSS 5.5
Microsoft Excel Information Disclosure Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 7.8
Microsoft Excel Remote Code Execution Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 7.8
Microsoft PowerPoint Remote Code Execution Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 7.8
Microsoft Excel Remote Code Execution Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 7.8
Microsoft Excel Remote Code Execution Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 8.8
Microsoft SharePoint Remote Code Execution Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
Medium · CVSS 5.3
Microsoft SharePoint Information Disclosure Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 8
Microsoft SharePoint Server Spoofing Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
Medium · CVSS 6.5
Kerberos Security Feature Bypass Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 7.4
Azure SDK for C Security Feature Bypass Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 7.8
Windows Backup Engine Elevation of Privilege Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 7.8
Windows Backup Engine Elevation of Privilege Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 7.8
Windows Backup Engine Elevation of Privilege Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 7.8
Windows Backup Engine Elevation of Privilege Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 7.8
Windows Backup Engine Elevation of Privilege Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 7.8
Windows Backup Engine Elevation of Privilege Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026
High · CVSS 7.8
Windows Backup Engine Elevation of Privilege Vulnerability
Published Dec 9, 2020 · Updated Jun 9, 2026