15108 matches found

RedhatCVE
added 2025/05/22 6:9 p.m. | 3 views

CVE-2021-38415

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 are vulnerable to a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code...

7.8 CVSS | 7.9 AI score | 0.00372 EPSS
Exploits 0 | References 1

CVE
added 2025/05/22 5:47 p.m. | 39 views

CVE-2025-30169

CVE-2025-30169 affects ABB ASPECT product line (ASPECT-Enterprise, NEXUS Series, MATRIX Series) up to version 3.08.03. The issue is a file upload and execute vulnerability enabling PHP script injection if session administrator credentials are compromised. Connected sources corroborate vulnerabili...

6.7 CVSS | 7.1 AI score | 0.00264 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 5:45 p.m. | 5 views

CVE-2020-29139

A SQL injection vulnerability in interface/main/finder/patientselect.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter...

7.2 CVSS | 8.3 AI score | 0.00057 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 5:42 p.m. | 4 views

CVE-2020-5722

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...

10 CVSS | 8.3 AI score | 0.92735 EPSS
Exploits 8 | References 1

RedhatCVE
added 2025/05/22 5:36 p.m. | 3 views

CVE-2020-36034

SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0 allows a remote attacker to execute arbitrary code, escalate privileges, and gain sensitive information via a crafted payload to the id parameter in manageuser.php...

9.8 CVSS | 8.5 AI score | 0.01476 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 5:34 p.m. | 5 views

CVE-2020-9520

A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe versions prior to 4.0.7. The vulnerability could allow a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled...

5.4 CVSS | 6 AI score | 0.00203 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 5:6 p.m. | 4 views

CVE-2020-11498

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tundarwin.go or tunwindows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persisten...

8.8 CVSS | 7.9 AI score | 0.00313 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 5:4 p.m. | 4 views

CVE-2020-19287

A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title...

5.4 CVSS | 5.5 AI score | 0.0017 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 5:4 p.m. | 4 views

CVE-2020-19290

A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section...

5.4 CVSS | 5.5 AI score | 0.00191 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 5:4 p.m. | 5 views

CVE-2020-19907

A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service...

8.8 CVSS | 7.5 AI score | 0.10881 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 4:38 p.m. | 6 views

CVE-2020-36396

A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter...

5.4 CVSS | 5.3 AI score | 0.00352 EPSS
Exploits 1

Cvelist
added 2025/05/22 4:37 p.m. | 13 views

CVE-2025-33138 IBM Aspera Faspex HTML injection

IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4 CVSS | 0.00093 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 4:32 p.m. | 6 views

CVE-2020-24985

An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads...

8.1 CVSS | 7 AI score | 0.00669 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 4:28 p.m. | 4 views

CVE-2020-19288

A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message...

5.4 CVSS | 5.5 AI score | 0.00191 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 4:27 p.m. | 4 views

CVE-2020-17429

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

7.8 CVSS | 5.9 AI score | 0.00968 EPSS
Exploits 0

RedhatCVE
added 2025/05/22 4:26 p.m. | 7 views

CVE-2020-17411

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

4.3 CVSS | 6 AI score | 0.11393 EPSS
Exploits 0

RedhatCVE
added 2025/05/22 4:21 p.m. | 7 views

CVE-2020-27406

Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1 allows authenticated attackers to execute arbitrary code via the groupname...

5.4 CVSS | 6.3 AI score | 0.00377 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 4:17 p.m. | 10 views

CVE-2020-13640

A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. No 7.x versions are affected...

9.8 CVSS | 8.8 AI score | 0.73948 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 4:7 p.m. | 4 views

CVE-2020-21930

A stored cross site scripting (XSS) vulnerability in the webattr2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML...

5.4 CVSS | 5.7 AI score | 0.0039 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 3:49 p.m. | 5 views

CVE-2020-11708

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Privilege escalation can occur via the /ajax/SetUserInfo messages parameter because of the EXECUTE feature, which is for executing programs when certain events are triggered...

9.8 CVSS | 7.3 AI score | 0.0042 EPSS
Exploits 0 | References 1