Skip to main content
CVE-2021-47813 HIGH POC This Week

Backup Key Recovery 2.2.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47797 HIGH POC This Week

Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47789 HIGH POC This Week

Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows attackers to crash the system by sending oversized input. Attackers can exploit the driver by sending a 2000-byte buffer through DeviceIoControl to trigger a kernel-level system crash. [CVSS 7.5 HIGH]

Linux Denial Of Service Yms 3029 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47786 HIGH POC This Week

Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows attackers to trigger a denial of service by sending malformed IOCTL requests. Attackers can send a crafted 2000-byte buffer with specific byte patterns to the REDRAGON_MOUSE device to crash the kernel driver. [CVSS 7.5 HIGH]

Linux Denial Of Service M725 Lit Firmware M801p Rgb Firmware Bm 4091 Firmware +11
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47821 HIGH POC This Week

RarmaRadio 2.72.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing network configuration fields with large character buffers. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47842 HIGH POC This Week

StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. [CVSS 7.2 HIGH]

RCE XSS
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2021-47840 HIGH POC This Week

Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. [CVSS 7.2 HIGH]

RCE XSS
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2021-47838 HIGH POC This Week

Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embed malicious payloads in markdown files. [CVSS 7.2 HIGH]

RCE XSS
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2021-47837 HIGH POC This Week

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution. [CVSS 7.2 HIGH]

RCE XSS
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2021-47835 HIGH POC This Week

Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. [CVSS 7.2 HIGH]

RCE XSS
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-23723 HIGH POC PATCH This Week

SQL injection in WeGIA's Atendido_ocorrenciaControle endpoint allows authenticated attackers to manipulate the id_memorando parameter and extract entire databases, exposing sensitive personal information and potentially reading arbitrary files on misconfigured systems. Public exploit code exists for this vulnerability affecting WeGIA versions prior to 3.6.2. A patch is available in version 3.6.2 and should be deployed immediately to affected charitable institution management systems.

SQLi Wegia
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2021-47815 MEDIUM POC This Month

Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated characters into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Buffer Overflow Nsauditor
NVD Exploit-DB VulDB
CVSS 4.0
6.7
EPSS
0.0%
CVE-2021-47814 MEDIUM POC This Month

NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer into the registration key field to trigger an application crash and potential system instability. [CVSS 7.5 HIGH]

Denial Of Service Nbmonitor Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
6.7
EPSS
0.0%
CVE-2021-47834 MEDIUM POC This Month

Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users. [CVSS 6.4 MEDIUM]

XSS
NVD Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2021-47795 MEDIUM POC This Month

GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. [CVSS 6.2 MEDIUM]

RCE XSS LFI Path Traversal
NVD Exploit-DB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-56451 MEDIUM POC This Month

A8\+ Collaborative Management versions up to 7.0 is affected by cross-site scripting (xss) (CVSS 6.1).

XSS A8 Collaborative Management
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-23727 MEDIUM POC PATCH This Month

WeGIA versions prior to 3.6.2 contain an open redirect vulnerability in the control.php endpoint that fails to validate the nextPage parameter, allowing unauthenticated attackers to redirect users to arbitrary external websites. Public exploit code exists for this vulnerability, which can be leveraged for phishing, credential harvesting, and malware distribution attacks that abuse the trusted WeGIA domain. The vulnerability is resolved in version 3.6.2.

PHP Open Redirect Wegia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2021-47841 MEDIUM POC This Month

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs. [CVSS 6.1 MEDIUM]

XSS
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2021-47844 MEDIUM POC This Month

Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. [CVSS 6.1 MEDIUM]

RCE XSS
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-23645 MEDIUM POC PATCH This Month

SiYuan prior to version 3.5.4-dev2 fails to sanitize SVG file uploads, allowing authenticated attackers to embed malicious JavaScript that executes when other users view the files. Public exploit code exists for this stored XSS vulnerability, which can compromise user sessions and access sensitive knowledge management data. The vulnerability affects self-hosted instances where users can upload SVG content from untrusted sources.

XSS Siyuan Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-23768 MEDIUM POC This Month

Lucy XSS Filter with ObjectSecurityListener or EmbedSecurityListener enabled is vulnerable to server-side request forgery (SSRF) via malformed embed or object tags lacking file extensions in src attributes, allowing remote attackers to trigger arbitrary HEAD requests to internal or external URLs. Public exploit code exists for this vulnerability, and no patch is currently available.

SSRF XSS Lucy Xss Filter
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-23730 MEDIUM POC PATCH This Month

WeGIA charitable institution management software versions prior to 3.6.2 contain an open redirect vulnerability in the control.php endpoint that fails to validate the nextPage parameter, allowing unauthenticated attackers to redirect users to arbitrary external sites for phishing and credential theft. Public exploit code exists for this vulnerability. The flaw is resolved in version 3.6.2 and later.

PHP Open Redirect Wegia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-23729 MEDIUM POC PATCH This Month

WeGIA charitable institution management software versions prior to 3.6.2 contain an open redirect vulnerability in the control.php endpoint that fails to validate the nextPage parameter, allowing attackers to redirect authenticated users to malicious external sites. Public exploit code exists for this vulnerability, which can be leveraged for phishing, credential harvesting, and malware distribution attacks while maintaining the appearance of a trusted WeGIA domain. The vulnerability is resolved in WeGIA 3.6.2 and later versions.

PHP Open Redirect Wegia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-23728 MEDIUM POC PATCH This Month

WeGIA versions prior to 3.6.2 contain an open redirect vulnerability in the control.php endpoint that fails to properly validate the nextPage parameter, allowing attackers to redirect authenticated users to malicious external sites. Public exploit code exists for this vulnerability, enabling attackers to conduct phishing campaigns and credential harvesting attacks while leveraging the trust associated with the legitimate WeGIA domain. Update to version 3.6.2 or later to remediate this issue.

PHP Open Redirect Wegia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-23726 MEDIUM POC PATCH This Month

WeGIA prior to version 3.6.2 contains an open redirect vulnerability in the control.php endpoint that fails to validate the nextPage parameter, allowing attackers to craft malicious links redirecting users to arbitrary external sites for phishing and credential theft. Public exploit code exists for this vulnerability, which affects all users who click attacker-controlled links within the application. The vulnerability is resolved in version 3.6.2.

PHP Open Redirect Wegia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-61937 CRITICAL Act Now

A CVSS 10.0 code injection vulnerability allows unauthenticated attackers to achieve remote code execution with OS-level system privileges on the affected product.

RCE Process Optimization
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-23800 CRITICAL Act Now

Modular DS modular-connector has a CVSS 10.0 privilege escalation vulnerability through incorrect privilege assignment, allowing unauthenticated attackers to gain full administrative access to WordPress sites.

Privilege Escalation
NVD
CVSS 3.1
10.0
EPSS
0.0%
CVE-2025-60021 CRITICAL Act Now

Apache bRPC versions before 1.15.0 contain a remote command injection vulnerability in the heap profiler built-in service, allowing attackers to execute arbitrary OS commands.

Apache Github Command Injection Brpc
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-1019 CRITICAL Act Now

The Police Statistics Database System by Gotac has a missing authentication vulnerability allowing unauthenticated remote access to law enforcement statistical data.

Industrial Police Statistics Database System
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-1021 CRITICAL Act Now

Gotac Police Statistics Database System allows unauthenticated arbitrary file upload, enabling remote attackers to upload web shells and achieve full server compromise.

Industrial Police Statistics Database System
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-14233 CRITICAL Act Now

Canon printers contain an invalid free vulnerability in CPCA file deletion processing that allows network-based attackers to execute arbitrary code or crash the device.

RCE Mf452dw Firmware Mf656cdw Firmware Mf1238 Ii Firmware Mf451dw Firmware +12
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-14237 CRITICAL Act Now

Canon printers contain a buffer overflow in XPS font parsing that allows remote code execution through crafted print jobs with malicious font data.

Buffer Overflow Lbp236dw Firmware Mf654cdw Firmware Lbp633cdw Firmware Mf452dw Firmware +12
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-14236 CRITICAL Act Now

Canon Multifunction Printers have a buffer overflow in Address Book attribute tag processing that allows remote attackers to execute code by exploiting the printer's management interface.

Buffer Overflow Mf1643if Ii Firmware Mf1643i Ii Firmware Mf451dw Firmware Mf1238 Ii Firmware +12
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-14235 CRITICAL Act Now

Canon printers contain a buffer overflow in XPS font fpgm table processing, enabling remote code execution when processing crafted print jobs with malicious font data.

Buffer Overflow Mf653cdw Firmware Mf1643if Ii Firmware Lbp632cdw Firmware Mf652cw Firmware +12
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-14234 CRITICAL Act Now

Canon printers have a buffer overflow in CPCA list processing that allows remote attackers to execute arbitrary code through the printer's network protocol handler.

Buffer Overflow Mf656cdw Firmware Mf1643i Ii Firmware Mf452dw Firmware Mf652cw Firmware +12
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-14232 CRITICAL Act Now

Canon printers have a buffer overflow in XML processing of XPS files that allows network-adjacent attackers to execute arbitrary code by sending crafted print jobs.

Buffer Overflow Mf455dw Firmware Mf653cdw Firmware Lbp237dw Firmware Mf452dw Firmware +12
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-14231 CRITICAL Act Now

Canon Small Office Multifunction Printers and Laser Printers are vulnerable to a buffer overflow in WSD print job processing that allows remote attackers to execute arbitrary code or cause denial of service.

Buffer Overflow Lbp236dw Firmware Lbp1238 Ii Firmware Mf1643i Ii Firmware Mf656cdw Firmware +12
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-62582 CRITICAL Act Now

Delta Electronics DIAView has a missing authentication vulnerability that allows remote attackers to access critical functionality without credentials, potentially compromising SCADA monitoring.

Authentication Bypass Diaview
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-62581 CRITICAL Act Now

Delta Electronics DIAView uses hard-coded cryptographic keys, allowing attackers to forge authentication tokens, decrypt sensitive data, or bypass security controls entirely.

Information Disclosure Diaview
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-14894 CRITICAL Act Now

Livewire Filemanager for Laravel contains an unrestricted file upload vulnerability allowing unauthenticated attackers to upload and execute arbitrary files on the server.

PHP Laravel RCE Filemanager
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-69581 MEDIUM POC This Month

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. [CVSS 5.5 MEDIUM]

Information Disclosure Chamilo Lms
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2021-47779 MEDIUM POC This Month

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. [CVSS 5.4 MEDIUM]

XSS Privilege Escalation Dolibarr Erp Crm
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-23725 MEDIUM POC PATCH This Month

Stored XSS in WeGIA before version 3.6.2 allows authenticated users to inject malicious scripts into adopter information fields that execute in the browsers of all visitors to the affected pages. Public exploit code exists for this vulnerability, which impacts the html/pet/adotantes/cadastro_adotante.php and informacao_adotantes.php endpoints. Organizations should upgrade to version 3.6.2 or later to mitigate the risk of persistent JavaScript injection attacks.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2021-47808 MEDIUM POC This Month

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page. [CVSS 5.4 MEDIUM]

XSS Cotonti Siena
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2021-47783 MEDIUM POC This Month

Phpwcms versions up to 1.9.30 is affected by unrestricted upload of file with dangerous type (CVSS 5.4).

XSS Phpwcms
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-15528 MEDIUM POC PATCH This Month

A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component GTPv2 Bearer Response Handler. [CVSS 5.3 MEDIUM]

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-15529 MEDIUM POC PATCH This Month

A vulnerability was found in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c. [CVSS 5.3 MEDIUM]

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-15104 MEDIUM POC This Month

Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. [CVSS 5.3 MEDIUM]

DNS Validator
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2021-47800 MEDIUM POC This Month

b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit unauthorized changes to user profiles by tricking victims into loading a specially crafted webpage. [CVSS 5.3 MEDIUM]

CSRF
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2021-47820 MEDIUM POC This Month

Ubee EVW327 contains a cross-site request forgery vulnerability that allows attackers to enable remote access without user interaction. Attackers can craft a malicious webpage that automatically submits a form to change router remote access settings to port 8080 without the user's consent. [CVSS 5.3 MEDIUM]

CSRF
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
0.0%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy