Unknown · CVSS Not scored
Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API
Published Sep 22, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Microweber v1.1.18 is affected by no session expiry after log-out.
Published Nov 9, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.
Published May 12, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.
Published May 12, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task.
Published May 12, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task.
Published May 12, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.
Published May 13, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information.
Published Jul 27, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
The Snap7 server component in version 1.4.1, when an attacker sends a crafted packet with COTP protocol the last-data-unit flag set to No and S7 writes a var function, the Snap7 server will be crashed.
Published Oct 28, 2020 · Updated Jul 9, 2026
Critical · CVSS 9.8
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
Published Jan 26, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
Published Jun 22, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device.
Published Apr 9, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover.
Published Apr 9, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to an memory leak in dwg_decode_eed ../../src/decode.c:3638.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A null pointer deference issue exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2337.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via htmlescape ../../programs/escape.c:51.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:29. which causes a denial of service (application crash).
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash).
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114.
Published May 17, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp.
Published Sep 14, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename.
Published Sep 14, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the webapplication stores the injected code.
Published Sep 14, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php.
Published Jun 21, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7.
Published Sep 20, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.
Published Oct 1, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0.
Published Jun 27, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows authenticated non-administrative user to escalate their privilege and conduct code execution as a SYSTEM privilege.
Published Jun 24, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
Published Jan 19, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
Published Jan 20, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.
Published Jul 8, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information.
Published Jul 8, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/.
Published Jul 8, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
Published Dec 22, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
Published Dec 22, 2021 · Updated Jul 9, 2026