3100 matches found

RedhatCVE
added 2025/05/22 9:36 p.m. | 7 views

CVE-2021-25921

In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the Allergies section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit...

CVSS 5.4 | AI score 6.2 | EPSS 0.30561
Exploits: 0

RedhatCVE
added 2025/05/22 9:25 p.m. | 4 views

CVE-2021-38171

adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted...

CVSS 9.8 | AI score 6.6 | EPSS 0.0021
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:5 p.m. | 5 views

CVE-2021-24282

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things. For example, an attacker could use wpcf7r_reset_settings to reset the plugin’s settings, wpcf7r_add_action to...

CVSS 6.5 | AI score 6.5 | EPSS 0.00248
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:36 p.m. | 8 views

CVE-2021-36531

ngiflib 0.4 has a heap overflow in GetByte at ngiflib.c:70 in NGIFLIB_NO_FILE mode; GetByte reads the memory buffer without checking the boundary...

CVSS 8.8 | AI score 7.4 | EPSS 0.00352
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 3:23 p.m. | 8 views

CVE-2020-25879

A stored cross-site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter...

CVSS 5.4 | AI score 5.4 | EPSS 0.00287
Exploits: 1

RedhatCVE
added 2025/05/22 3:17 p.m. | 5 views

CVE-2020-19264

A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd...

CVSS 6.5 | AI score 7 | EPSS 0.00116
Exploits: 1

RedhatCVE
added 2025/05/22 12:59 p.m. | 3 views

CVE-2018-20841

HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set=security=mactable request...

CVSS 10 | AI score 7.5 | EPSS 0.31825
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:30 a.m. | 6 views

CVE-2019-5220

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission; an attacker could perform a certain operation at a certain step of the setup wizard. A successful exploit could allow the attacker to bypass the FRP protection. Affected...

CVSS 4.6 | AI score 6.8 | EPSS 0.00024
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:7 a.m. | 4 views

CVE-2019-13924

A vulnerability has been identified in SCALANCE S602 All versions V4.1, SCALANCE S612 All versions V4.1, SCALANCE S623 All versions V4.1, SCALANCE S627-2M All versions V4.1, SCALANCE X-200 switch family incl. SIPLUS NET variants All versions 5.2.4, SCALANCE X-200IRT switch family incl. SIPLUS NET...

CVSS 5.4 | AI score 6.7 | EPSS 0.00271
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:26 a.m. | 8 views

CVE-2019-19663

A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html...

CVSS 6.5 | AI score 6.9 | EPSS 0.00161
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:42 a.m. | 7 views

CVE-2017-8101

There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request...

CVSS 8.8 | AI score 6.8 | EPSS 0.00121
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:10 a.m. | 3 views

CVE-2018-20941

cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349)...

CVSS 5.6 | AI score 7.1 | EPSS 0.00047
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 6:36 p.m. | 2 views

CVE-2009-5076

CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with (1) login.php or (2) password_forgotten.php appended as the PATH_INFO, which bypasses a check that uses PHP_SELF, which is not properl...

CVSS 7.5 | AI score 7.6 | EPSS 0.00229
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 6:27 p.m. | 5 views

CVE-2006-4084

Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical."...

CVSS 10 | AI score 7 | EPSS 0.00389
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/17 9:5 p.m. | 13 views

CVE-2023-7229

The illi Link Party! WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVSS 5.5 | AI score 6.7 | EPSS 0.00121
Exploits: 2 | References: 3

GithubExploit
added 2025/05/17 9:2 p.m. | 747 views

Exploit for Incorrect Privilege Assignment in Themewinter Eventin

🚨 CVE-2025-47539 – WordPress Eventin Plugin Critical Exploit...

CVSS 9.8 | AI score 9.6 | EPSS 0.27898
Exploits: 4

GithubExploit
added 2025/05/15 3:52 p.m. | 320 views

Exploit for Unrestricted Upload of File with Dangerous Type in Webfulcreations Computer_Repair_Shop

Wordpress Computer Repair Shop = 3.8115 - Unauthenticated Arb...

CVSS 10 | AI score 9.9 | EPSS 0.51569
Exploits: 15

CNVD
added 2025/05/14 12:0 a.m. | 2 views

WordPress Advanced File Manager plugin missing license vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A lack of authorization vulnerability exists in the WordPress Advanced File Manager plugin that stems from a lack of authorization and can be exploited by an attacker to modify...

CVSS 9.8 | AI score 6.9 | EPSS 0.00267
Exploits: 0 | References: 1

CNVD
added 2025/05/14 12:0 a.m. | 1 views

NETGEAR RAX5 vif_disable function command injection vulnerability

The NETGEAR RAX5 is a wireless router from NETGEAR. NETGEAR RAX5 suffers from a command injection vulnerability that stems from the iface parameter in the vif_disable function failing to correctly filter constructed command special characters, commands, and so on. An attacker can exploit this...

CVSS 9.8 | AI score 7.4 | EPSS 0.08109
Exploits: 1 | References: 1

CNVD
added 2025/05/14 12:0 a.m. | 1 views

Tenda RX2 Pro Access Control Error Vulnerability

Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from an access control error vulnerability that can be exploited by an attacker to enable ate management binary...

CVSS 6.5 | AI score 7 | EPSS 0.00201
Exploits: 1 | References: 1