| Advisory | CVE | Severity | Date |
| --- | --- | --- | --- |
| Stackfield Desktop App for Windows and macOS <= 1.10.1 Path Traversal Remote Code Execution | CVE-2026-28373 | high | 23.03.2026 |
| Rocket Software TRUfusion Enterprise < 7.10.5 WsPortalV6UpDwAxis2Impl Path Traversal Remote Code Execution | CVE-2025-59793 | critical | 16.02.2026 |
| Rocket Software TRUfusion Enterprise < 7.10.5 Full Server-Side Request Forgery Through Reverse Proxy Misconfiguration | CVE-2025-32355 | high | 16.02.2026 |
| HashiCorp Consul <= 1.21.5 KVS Denial of Service | CVE-2025-11374 | high | 02.11.2025 |
| HashiCorp Consul <= 1.21.5 Event Denial of Service | CVE-2025-11375 | high | 02.11.2025 |
| Rocket Software TRUfusion Enterprise Use of Static Encryption Key to Create Session Cookies | CVE-2025-27223 | critical | 30.09.2025 |
| Rocket Software TRUfusion Enterprise internal_admin_contact_login.jsp Unauthenticated PII Disclosure | CVE-2025-27225 | high | 30.09.2025 |
| Rocket Software TRUfusion Enterprise /trufusionPortal/fileupload Unauthenticated Path Traversal and Arbitrary File Write | CVE-2025-27224 | critical | 30.09.2025 |
| Rocket Software TRUfusion Enterprise "cobrandingImageName" Unauthenticated Path Traversal | CVE-2025-27222 | critical | 30.09.2025 |
| Wing FTP Server Local Path Disclosure Through Overlong UID Session Cookie | CVE-2025-47813 | medium | 30.06.2025 |
| Wing FTP Server Incorrect Default Permission for FTP Service Account | CVE-2025-47811 | high | 30.06.2025 |
| Wing FTP Server Arbitrary Code Injection in User Session Files Leading to Remote Code Execution. | CVE-2025-47812 | critical | 30.06.2025 |
| Wing FTP Server Arbitrary Link Injection Leading to Cleartext Password Disclosure | CVE-2025-27889 | high | 26.04.2025 |
| SAP Emarsys SDK for Android <= 3.6.1 Sensitive Data Leak | CVE-2023-6542 | high | 10.04.2025 |
| FC Red Bull Salzburg App "at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity" Arbitrary URL Loading | CVE-2023-29459 | medium | 01.06.2023 |
| SecurePoint UTM <= 12.2.5 “spcgi.cgi” Remote Memory Contents Information Disclosure | CVE-2023-22897 | medium | 12.04.2023 |
| SecurePoint UTM <= 12.2.5 “spcgi.cgi” sessionId Information Disclosure Allowing Device Takeover | CVE-2023-22620 | critical | 11.04.2023 |
| Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion | CVE-2023-0291 | high | 08.02.2023 |
| Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion | CVE-2023-0292 | medium | 08.02.2023 |
| Intel Data Center Manager <= 5.1 Local Privileges Escalation | N/A | high | 07.12.2022 |
| Intel Data Center Manager Console <= 4.1 "getRoomRackData" Authenticated SQL Injection | CVE-2022-21225 | critical | 01.12.2022 |
| Intel Data Center Manager Console <= 4.1.1.45749 "UserMgmtHandler" Authentication Logic Error Leading to Authentication Bypass | CVE-2022-33942 | critical | 23.11.2022 |
| Betheme <= 26.5.1.4 - Authenticated (Contributor+) PHP Object Injection | CVE-2022-3861 | high | 18.11.2022 |
| BeCustom <= 1.0.5.2 Generic Cross-Site Request Forgery | CVE-2022-3747 | medium | 10.11.2022 |
| Transposh <= 1.0.8.1 “tp_translation” Authorization Bypass | CVE-2022-2536 | high | 16.08.2022 |
| Transposh <= 1.0.8.1 Multiple Cross-Site Request Forgeries | CVE-2021-24912 | medium | 22.07.2022 |
| Transposh <= 1.0.8.1 Improper Authorization Allowing Access to Administrative Utilities | CVE-2022-25810 | medium | 22.07.2022 |
| Transposh <= 1.0.8.1 “tp_translation” Weak Default Translation Permissions | CVE-2022-2461 | high | 22.07.2022 |
| Transposh <= 1.0.8.1 “tp_history” Unauthenticated Information Disclosure | CVE-2022-2462 | medium | 22.07.2022 |
| Transposh <= 1.0.8.1 “tp_editor” Multiple Authenticated SQL Injections | CVE-2022-25811 | medium | 22.07.2022 |
| Transposh <= 1.0.8.1 “save_transposh” Missing Logfile Extension Check Leading to Code Injection | CVE-2022-25812 | critical | 22.07.2022 |
| Transposh <= 1.0.7 “tp_translation” Unauthenticated Stored Cross-Site | CVE-2021-24911 | medium | 22.07.2022 |
| Transposh <= 1.0.7 “tp_tp” Unauthenticated Reflected Cross-Site Scripting | CVE-2021-24910 | medium | 22.07.2022 |
| Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Web Server Configuration Disclosure | CVE-2021-40150 | medium | 01.06.2022 |
| Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Private Key Disclosure | CVE-2021-40149 | high | 01.06.2022 |
| User Meta “um_show_uploaded_file” Path Traversal / Local File Enumeration | CVE-2022-0779 | medium | 24.05.2022 |
| SAP Knowledge Warehouse <= 7.50 “SAPIrExtHelp” Reflected XSS | CVE-2021-42063 | medium | 17.03.2022 |
| God Kings "com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver" Improper Authorization Allowing In-Game Notification Spoofing | CVE-2020-25204 | medium | 25.10.2020 |
| Frame Preview "com.framer.viewer.FramerViewActivity" Arbitrary URL Loading | CVE-2020-25203 | medium | 22.09.2020 |
| Acronis Cyber Backup <= v12.5 Build 16341 Full Unauthenticated SSRF | CVE-2020-16171 | high | 14.09.2020 |
| o2 Business for Android "canvasm.myo2.SplashActivity" <= 1.2.0 Open Redirect | CVE-2020-11882 | low | 01.07.2020 |
| MJML <= 4.6.2 mj-include "path" Path Traversal | CVE-2020-12827 | high | 14.06.2020 |
| SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz" Multiple Stored XSS | CVE-2019-12517 | medium | 10.09.2019 |
| SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz-*" Multiple Authenticated SQL Injections | CVE-2019-12516 | high | 10.09.2019 |
| Quest KACE Systems Management Appliance <= 9.0 kbot_service_notsoap.php METHOD Reflected Cross-Site Scripting | CVE-2019-11604 | medium | 19.05.2019 |
| Schneider Electric U.Motion Builder <= 1.3.4 track_import_export.php object_id Unauthenticated Command Injection | CVE-2018-7841 | critical | 13.05.2019 |
| Ubiquiti UniFi Video v3.7.3 (Windows) Local Privileges Escalation via Insecure Directory Permissions | CVE-2016-6914 | high | 20.12.2017 |
| Check_mk v1.2.8p25 save_users() Race Condition leading to Sensitive Information Disclosure | CVE-2017-14955 | high | 18.10.2017 |
| AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information | CVE-2017-14956 | medium | 13.10.2017 |
| Mattermost <= 3.5.1 /error Cross-Site Scripting | CVE-2017-14956 | medium | 16.01.2017 |
| XenForo ToggleME 3.1.2 "/admin.php?options/list/Add mortoggleME" Multiple Persistent Cross-Site Scriptings | N/A | medium | 11.09.2016 |
| AlienVault USM/OSSIM 5.2 conf/reload.php "back" DOM-based Cross-Site Scripting | CVE-2016-6913 | medium | 23.08.2016 |
| Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries | CVE-2016-4469 | medium | 11.07.2016 |
| Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting | CVE-2016-5005 | medium | 11.07.2016 |
| XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections | N/A | high | 23.05.2016 |
| Postfix Admin v2.93 Generic POST Cross-Site Request Forgeries | N/A | medium | 21.05.2016 |
| Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting | N/A | medium | 03.05.2016 |
| Ubiquiti Networks UniFi v3.2.10 Generic CSRF Protection Bypass | N/A | medium | 23.02.2016 |
| Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting | CVE-2015-5956 | medium | 14.09.2015 |
| Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow | CVE-2014-7216 | medium | 03.09.2015 |
| GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution | CVE-2014-2206 | critical | 02.03.2014 |
| VideoCharge Studio v2.12.3.685 cc.dll CHTTPResponse::GetHttpResponse() Buffer Overflow Remote Code Execution | N/A | high | 19.02.2014 |
| Free Download Manager CDownloads_Deleted::UpdateDownload() Buffer Overflow Remote Code Execution | CVE-2014-2087 | critical | 13.02.2014 |
| Avira Secure Backup v1.0.0.1 Multiple Registry Key Value Parsing Local Buffer Overflow Vulnerability | CVE-2013-6356 | medium | 16.11.2013 |
| Kingsoft Office Writer v2012.8.1.0.3385 Buffer Overflow | CVE-2013-3934 | high | 01.11.2013 |
| Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities | CVE-2013-5702 | medium | 21.10.2013 |
| Watchguard Server Center v11.7.4 wgpr.dll Insecure Library Loading Local Privilege Escalation Vulnerability | CVE-2013-5701 | medium | 09.08.2013 |
| WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows | CVE-2013-4694 | medium | 01.07.2013 |
| WinAmp v5.63 gen_ff.dll links.xml Value Parsing Invalid Pointer Dereference | CVE-2013-4695 | medium | 01.07.2013 |
| HP Intelligent Management Center v5.1 E0202 topoContent.jsf Non-Persistent Cross-Site Scripting | CVE-2012-5200 | medium | 07.03.2013 |
| Serva v2.0.0 HTTP Server GET Remote Denial of Service | N/A | high | 14.01.2013 |
| Serva v2.0.0 DNS Server Remote Denial of Service | N/A | high | 14.01.2013 |
| NCMedia Sound Editor Pro v7.5.1 MRUList201202.dat File Handling Local Buffer Overflow | N/A | medium | 16.09.2012 |
| Aoop CMS 0.3.6 SQL Injection / Cross Site Scripting | N/A | critical | 24.08.2012 |
| Astaro Security Gateway <= v8.304 Persistent Cross-Site Scripting Vulnerability | CVE-2012-3238 | medium | 10.06.2012 |
| LAN Messenger v1.2.28 - Denial of Service Vulnerability | CVE-2012-3845 | high | 30.04.2012 |
| C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability | CVE-2012-4259 | medium | 23.04.2012 |
| Crystal Office Suite v1.43 - Buffer Overflow Vulnerability | N/A | high | 12.04.2012 |
| FileStream Turbo Browser v11.6 - Buffer Overflow | N/A | medium | 10.04.2012 |
| AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow Vulnerabilities | N/A | critical | 08.04.2012 |
| BulletProof FTP Client 2010 - Buffer Overflow Vulnerability | N/A | high | 02.04.2012 |
| Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability | N/A | high | 29.03.2012 |
| Pitrinec MacroToolworks 7.5 - Buffer Overflow Vulnerability | N/A | high | 08.03.2012 |
| Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities | N/A | medium | 08.03.2012 |
| Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities | N/A | high | 08.03.2012 |
| Ricoh DC Software DL-10 FTP Server (SR10.exe) <= 1.1.0.6 Remote Buffer Overflow Vulnerability | CVE-2012-5002 | critical | 01.03.2012 |
| GPSMapEdit 1.1.73.2 - '.lst' Denial of Service | CVE-2012-6042 | low | 01.03.2012 |
| Socusoft Photo 2 Video v8.05 - Buffer Overflow Vulnerability | N/A | high | 27.02.2012 |
| DAMN Hash Calculator v1.5.1 Local Heap Overflow PoC | N/A | medium | 21.02.2012 |