Export limit exceeded: 363415 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363415 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-31674 1 Cyclos 1 Cyclos 2026-07-04 6.1 Medium
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant.
CVE-2020-22984 1 Microstrategy 1 Microstrategy Web Sdk 2026-07-04 6.1 Medium
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task.
CVE-2020-21884 1 Indionetworks 10 Unibox U1000, Unibox U1000 Firmware, Unibox U2500 and 7 more 2026-07-04 8.8 High
Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device.
CVE-2021-46355 1 Factorfx 1 Ocs Inventory 2026-07-04 5.4 Medium
OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting (XSS).
CVE-2021-36450 1 Verint 1 Workforce Optimization 2026-07-04 6.1 Medium
Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
CVE-2022-24562 1 Iobit 1 Iotransfer 2026-07-04 9.8 Critical
In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution.
CVE-2021-25681 1 Adtran 3 Netvanta 7060, Netvanta 7100, Personal Phone Manager 2026-07-04 7.5 High
AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched.
CVE-2021-44596 1 Wondershare 1 Dr.fone 2026-07-04 9.8 Critical
Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges
CVE-2020-22985 1 Microstrategy 1 Microstrategy Web Sdk 2026-07-04 6.1 Medium
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task.
CVE-2021-45421 1 Emerson 2 Dixell Xweb-500, Dixell Xweb-500 Firmware 2026-07-04 7.5 High
Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced.
CVE-2026-14685 1 Hdrhistogram 1 Hdrhistogram 2026-07-04 3.3 Low
A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file src/main/java/org/HdrHistogram/AbstractHistogram.java of the component AbstractHistogram. Such manipulation of the argument Count leads to state issue. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2020-24914 1 Qcubed 1 Qcubed 2026-07-04 9.8 Critical
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.
CVE-2021-45420 1 Emerson 2 Dixell Xweb-500, Dixell Xweb-500 Firmware 2026-07-04 9.8 Critical
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced.
CVE-2020-24913 1 Qcubed 1 Qcubed 2026-07-04 9.8 Critical
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
CVE-2020-24036 1 Fork-cms 1 Fork Cms 2026-07-04 8.8 High
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
CVE-2020-27509 1 Galaxkey 1 Galaxkey 2026-07-04 5.4 Medium
Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs into their mailbox.
CVE-2021-42912 1 Fiberhome 12 Aan5506-04-g2g Firmware, An5506-01-a, An5506-01-a Firmware and 9 more 2026-07-04 8.8 High
FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon.
CVE-2022-37700 1 Easycorp 1 Zentao 2026-07-04 7.5 High
Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig.
CVE-2020-22983 1 Microstrategy 1 Microstrategy Web 2026-07-04 8.1 High
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.
CVE-2022-25521 1 Nuuo 1 Network Video Recorder Firmware 2026-07-04 9.8 Critical
NUUO v03.11.00 was discovered to contain access control issue.