Medium · CVSS 6.1
A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter.
Published Mar 10, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function.
Published Mar 2, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important to note that in order to accomplish this, the attacker must know the corresponding API's parameter (authority : value).
Published Mar 1, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and "Certificates are exchanged in a controlled fashion between entities within a trust relationship. This is why self-signed certificates may be used and why validating certificates isn’t as important as doing so for the transport layer certificates."
Published Mar 24, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port.
Published Mar 3, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory.
Published Mar 3, 2023 · Updated Jul 9, 2026
Critical · CVSS 9.8
An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint.
Published Mar 3, 2023 · Updated Jul 9, 2026
Medium · CVSS 5.4
QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality.
Published Mar 6, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications.
Published Mar 27, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter.
Published Mar 30, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function.
Published Mar 30, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management.
Published Mar 30, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp.
Published Mar 25, 2022 · Updated Jul 9, 2026
Critical · CVSS 9.8 · CISA KEV
D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.
Published Mar 27, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "special" field.
Published Mar 29, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table.
Published Mar 25, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application.
Published Mar 25, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.
Published Mar 18, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file.
Published Mar 25, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request.
Published Mar 25, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
NUUO v03.11.00 was discovered to contain access control issue.
Published Mar 29, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message.
Published Mar 2, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition.
Published Mar 9, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData.
Published Mar 2, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post.
Published Mar 1, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.
Published Mar 1, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.
Published Mar 1, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse.
Published Mar 7, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.
Published Mar 9, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field.
Published Mar 3, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges.
Published Mar 1, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file.
Published Mar 1, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet.
Published Mar 1, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file.
Published Mar 1, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function.
Published Mar 1, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non login status because real authentication is not carried out.
Published Mar 7, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).
Published Mar 21, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability.
Published Mar 21, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).
Published Mar 21, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
Published Mar 21, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
Published Mar 21, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
Published Mar 21, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.
Published Mar 21, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node's memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS).
Published Mar 4, 2022 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a denial of service (DoS).
Published Mar 4, 2022 · Updated Jul 9, 2026
High · CVSS 7.8 · CISA KEV
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
Published Mar 3, 2022 · Updated Jun 3, 2026
High · CVSS 7.8
HEIF Image Extensions Remote Code Execution Vulnerability
Published Mar 9, 2022 · Updated May 27, 2026
High · CVSS 7.5
.NET and Visual Studio Denial of Service Vulnerability
Published Mar 9, 2022 · Updated May 27, 2026
High · CVSS 7.8
VP9 Video Extensions Remote Code Execution Vulnerability
Published Mar 9, 2022 · Updated May 27, 2026
High · CVSS 7.8
VP9 Video Extensions Remote Code Execution Vulnerability
Published Mar 9, 2022 · Updated May 27, 2026