Low · CVSS 3.8
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.
Published Jan 2, 2024 · Updated Jul 9, 2026
Low · CVSS 3.8
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.
Published Jan 2, 2024 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code.
Published Aug 16, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS).
Published Oct 31, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books.
Published Sep 22, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php.
Published Sep 22, 2020 · Updated Jul 9, 2026
High · CVSS 7.8
Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges.
Published Jan 20, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Scripting (XSS) vulnerability in Beetel router 777VR1 can be exploited via the NTP server name in System Time and "Keyword" in URL Filter.
Published Jan 6, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic.
Published Feb 11, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php.
Published Sep 22, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.
Published Oct 23, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.
Published Nov 4, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.
Published Nov 4, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.
Published Nov 4, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.
Published Mar 4, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
Published Mar 4, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
Published Mar 4, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Published Feb 16, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: 10.4., no fix will be released as version will reach end-of-life on 31/12/2020.
Published Nov 24, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx.
Published Apr 12, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter.
Published Sep 9, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter.
Published Sep 3, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling.
Published Feb 22, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
Published Mar 4, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.
Published Nov 10, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection).
Published Jan 11, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981.
Published Oct 28, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.
Published Sep 15, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization.
Published Sep 1, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API
Published Sep 22, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Microweber v1.1.18 is affected by no session expiry after log-out.
Published Nov 9, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.
Published May 12, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.
Published May 12, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task.
Published May 12, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task.
Published May 12, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.
Published May 13, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information.
Published Jul 27, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
The Snap7 server component in version 1.4.1, when an attacker sends a crafted packet with COTP protocol the last-data-unit flag set to No and S7 writes a var function, the Snap7 server will be crashed.
Published Oct 28, 2020 · Updated Jul 9, 2026
Critical · CVSS 9.8
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
Published Jan 26, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
Published Jun 22, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device.
Published Apr 9, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover.
Published Apr 9, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to an memory leak in dwg_decode_eed ../../src/decode.c:3638.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175.
Published May 17, 2021 · Updated Jul 9, 2026