| Advisory | CVE | Severity | Date |
|---|---|---|---|
| Rocket Software TRUfusion Enterprise < 7.10.5 WsPortalV6UpDwAxis2Impl Path Traversal Remote Code Execution | CVE-2025-59793 | critical | Feb 16, 2026 |
| Rocket Software TRUfusion Enterprise < 7.10.5 Full Server-Side Request Forgery Through Reverse Proxy Misconfiguration | CVE-2025-32355 | high | Feb 16, 2026 |
| HashiCorp Consul <= 1.21.5 KVS Denial of Service | CVE-2025-11374 | high | Nov 2, 2025 |
| HashiCorp Consul <= 1.21.5 Event Denial of Service | CVE-2025-11375 | high | Nov 2, 2025 |
| Rocket Software TRUfusion Enterprise Use of Static Encryption Key to Create Session Cookies | CVE-2025-27223 | critical | Sep 30, 2025 |
| Rocket Software TRUfusion Enterprise internal_admin_contact_login.jsp Unauthenticated PII Disclosure | CVE-2025-27225 | high | Sep 30, 2025 |
| Rocket Software TRUfusion Enterprise /trufusionPortal/fileupload Unauthenticated Path Traversal and Arbitrary File Write | CVE-2025-27224 | critical | Sep 30, 2025 |
| Rocket Software TRUfusion Enterprise "cobrandingImageName" Unauthenticated Path Traversal | CVE-2025-27222 | critical | Sep 30, 2025 |
| Wing FTP Server Local Path Disclosure Through Overlong UID Session Cookie | CVE-2025-47813 | medium | Jun 30, 2025 |
| Wing FTP Server Incorrect Default Permission for FTP Service Account | CVE-2025-47811 | high | Jun 30, 2025 |
| Wing FTP Server Arbitrary Code Injection in User Session Files Leading to Remote Code Execution | CVE-2025-47812 | critical | Jun 30, 2025 |
| Wing FTP Server Arbitrary Link Injection Leading to Cleartext Password Disclosure | CVE-2025-27889 | high | Apr 26, 2025 |
| SAP Emarsys SDK for Android <= 3.6.1 Sensitive Data Leak | CVE-2023-6542 | high | Apr 10, 2025 |
| FC Red Bull Salzburg App "at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity" Arbitrary URL Loading | CVE-2023-29459 | medium | Jun 1, 2023 |
| SecurePoint UTM <= 12.2.5 “spcgi.cgi” Remote Memory Contents Information Disclosure | CVE-2023-22897 | medium | Apr 12, 2023 |
| SecurePoint UTM <= 12.2.5 “spcgi.cgi” sessionId Information Disclosure Allowing Device Takeover | CVE-2023-22620 | critical | Apr 11, 2023 |
| Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion | CVE-2023-0291 | high | Feb 8, 2023 |
| Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion | CVE-2023-0292 | medium | Feb 8, 2023 |
| Intel Data Center Manager <= 5.1 Local Privileges Escalation | N/A | high | Dec 7, 2022 |
| Intel Data Center Manager Console <= 4.1 "getRoomRackData" Authenticated SQL Injection | CVE-2022-21225 | critical | Dec 1, 2022 |
| Intel Data Center Manager Console <= 4.1.1.45749 "UserMgmtHandler" Authentication Logic Error Leading to Authentication Bypass | CVE-2022-33942 | critical | Nov 23, 2022 |
| Betheme <= 26.5.1.4 - Authenticated (Contributor+) PHP Object Injection | CVE-2022-3861 | high | Nov 18, 2022 |
| BeCustom <= 1.0.5.2 Generic Cross-Site Request Forgery | CVE-2022-3747 | medium | Nov 10, 2022 |
| Transposh <= 1.0.8.1 “tp_translation” Authorization Bypass | CVE-2022-2536 | high | Aug 16, 2022 |
| Transposh <= 1.0.8.1 Multiple Cross-Site Request Forgeries | CVE-2021-24912 | medium | Jul 22, 2022 |
| Transposh <= 1.0.8.1 Improper Authorization Allowing Access to Administrative Utilities | CVE-2022-25810 | medium | Jul 22, 2022 |
| Transposh <= 1.0.8.1 “tp_translation” Weak Default Translation Permissions | CVE-2022-2461 | high | Jul 22, 2022 |
| Transposh <= 1.0.8.1 “tp_history” Unauthenticated Information Disclosure | CVE-2022-2462 | medium | Jul 22, 2022 |
| Transposh <= 1.0.8.1 “tp_editor” Multiple Authenticated SQL Injections | CVE-2022-25811 | medium | Jul 22, 2022 |
| Transposh <= 1.0.8.1 “save_transposh” Missing Logfile Extension Check Leading to Code Injection | CVE-2022-25812 | critical | Jul 22, 2022 |
| Transposh <= 1.0.7 “tp_translation” Unauthenticated Stored Cross-Site | CVE-2021-24911 | medium | Jul 22, 2022 |
| Transposh <= 1.0.7 “tp_tp” Unauthenticated Reflected Cross-Site Scripting | CVE-2021-24910 | medium | Jul 22, 2022 |
| Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Web Server Configuration Disclosure | CVE-2021-40150 | medium | Jun 1, 2022 |
| Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Private Key Disclosure | CVE-2021-40149 | high | Jun 1, 2022 |
| User Meta “um_show_uploaded_file” Path Traversal / Local File Enumeration | CVE-2022-0779 | medium | May 24, 2022 |
| SAP Knowledge Warehouse <= 7.50 “SAPIrExtHelp” Reflected XSS | CVE-2021-42063 | medium | Mar 17, 2022 |
| God Kings "com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver" Improper Authorization Allowing In-Game Notification Spoofing | CVE-2020-25204 | medium | Oct 25, 2020 |
| Frame Preview "com.framer.viewer.FramerViewActivity" Arbitrary URL Loading | CVE-2020-25203 | medium | Sep 22, 2020 |
| Acronis Cyber Backup <= v12.5 Build 16341 Full Unauthenticated SSRF | CVE-2020-16171 | high | Sep 14, 2020 |
| o2 Business for Android "canvasm.myo2.SplashActivity" <= 1.2.0 Open Redirect | CVE-2020-11882 | low | Jul 1, 2020 |
| MJML <= 4.6.2 mj-include "path" Path Traversal | CVE-2020-12827 | high | Jun 14, 2020 |
| SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz" Multiple Stored XSS | CVE-2019-12517 | medium | Sep 10, 2019 |
| SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz-*" Multiple Authenticated SQL Injections | CVE-2019-12516 | high | Sep 10, 2019 |
| Quest KACE Systems Management Appliance <= 9.0 kbot_service_notsoap.php METHOD Reflected Cross-Site Scripting | CVE-2019-11604 | medium | May 19, 2019 |
| Schneider Electric U.Motion Builder <= 1.3.4 track_import_export.php object_id Unauthenticated Command Injection | CVE-2018-7841 | critical | May 13, 2019 |
| Ubiquiti UniFi Video v3.7.3 (Windows) Local Privileges Escalation via Insecure Directory Permissions | CVE-2016-6914 | high | Dec 20, 2017 |
| Check_mk v1.2.8p25 save_users() Race Condition leading to Sensitive Information Disclosure | CVE-2017-14955 | high | Oct 18, 2017 |
| AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information | CVE-2017-14956 | medium | Oct 13, 2017 |
| Mattermost <= 3.5.1 /error Cross-Site Scripting | CVE-2017-14956 | medium | Jan 16, 2017 |
| XenForo ToggleME 3.1.2 "/admin.php?options/list/Add mortoggleME" Multiple Persistent Cross-Site Scriptings | N/A | medium | Sep 11, 2016 |
| AlienVault USM/OSSIM 5.2 conf/reload.php "back" DOM-based Cross-Site Scripting | CVE-2016-6913 | medium | Aug 23, 2016 |
| Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries | CVE-2016-4469 | medium | Jul 11, 2016 |
| Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting | CVE-2016-5005 | medium | Jul 11, 2016 |
| XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections | N/A | high | May 23, 2016 |
| Postfix Admin v2.93 Generic POST Cross-Site Request Forgeries | N/A | medium | May 21, 2016 |
| Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting | N/A | medium | May 3, 2016 |
| Ubiquiti Networks UniFi v3.2.10 Generic CSRF Protection Bypass | N/A | medium | Feb 23, 2016 |
| Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting | CVE-2015-5956 | medium | Sep 14, 2015 |
| Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow | CVE-2014-7216 | medium | Sep 3, 2015 |
| GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution | CVE-2014-2206 | critical | Mar 2, 2014 |
| VideoCharge Studio v2.12.3.685 cc.dll CHTTPResponse::GetHttpResponse() Buffer Overflow Remote Code Execution | N/A | high | Feb 19, 2014 |
| Free Download Manager CDownloads_Deleted::UpdateDownload() Buffer Overflow Remote Code Execution | CVE-2014-2087 | critical | Feb 13, 2014 |
| Avira Secure Backup v1.0.0.1 Multiple Registry Key Value Parsing Local Buffer Overflow Vulnerability | CVE-2013-6356 | medium | Nov 16, 2013 |
| Kingsoft Office Writer v2012.8.1.0.3385 Buffer Overflow | CVE-2013-3934 | high | Nov 1, 2013 |
| Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities | CVE-2013-5702 | medium | Oct 21, 2013 |
| Watchguard Server Center v11.7.4 wgpr.dll Insecure Library Loading Local Privilege Escalation Vulnerability | CVE-2013-5701 | medium | Aug 9, 2013 |
| WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows | CVE-2013-4694 | medium | Jul 1, 2013 |
| WinAmp v5.63 gen_ff.dll links.xml Value Parsing Invalid Pointer Dereference | CVE-2013-4695 | medium | Jul 1, 2013 |
| HP Intelligent Management Center v5.1 E0202 topoContent.jsf Non-Persistent Cross-Site Scripting | CVE-2012-5200 | medium | Mar 7, 2013 |
| Serva v2.0.0 HTTP Server GET Remote Denial of Service | N/A | high | Jan 14, 2013 |
| Serva v2.0.0 DNS Server Remote Denial of Service | N/A | high | Jan 14, 2013 |
| NCMedia Sound Editor Pro v7.5.1 MRUList201202.dat File Handling Local Buffer Overflow | N/A | medium | Sep 16, 2012 |
| Aoop CMS 0.3.6 SQL Injection / Cross Site Scripting | N/A | critical | Aug 24, 2012 |
| Astaro Security Gateway <= v8.304 Persistent Cross-Site Scripting Vulnerability | CVE-2012-3238 | medium | Jun 10, 2012 |
| LAN Messenger v1.2.28 - Denial of Service Vulnerability | CVE-2012-3845 | high | Apr 30, 2012 |
| C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability | CVE-2012-4259 | medium | Apr 23, 2012 |
| Crystal Office Suite v1.43 - Buffer Overflow Vulnerability | N/A | high | Apr 12, 2012 |
| FileStream Turbo Browser v11.6 - Buffer Overflow | N/A | medium | Apr 10, 2012 |
| AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow Vulnerabilities | N/A | critical | Apr 8, 2012 |
| BulletProof FTP Client 2010 - Buffer Overflow Vulnerability | N/A | high | Apr 2, 2012 |
| Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability | N/A | high | Mar 29, 2012 |
| Pitrinec MacroToolworks 7.5 - Buffer Overflow Vulnerability | N/A | high | Mar 8, 2012 |
| Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities | N/A | medium | Mar 8, 2012 |
| Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities | N/A | high | Mar 8, 2012 |
| Ricoh DC Software DL-10 FTP Server (SR10.exe) <= 1.1.0.6 Remote Buffer Overflow Vulnerability | CVE-2012-5002 | critical | Mar 1, 2012 |
| GPSMapEdit 1.1.73.2 - '.lst' Denial of Service | CVE-2012-6042 | low | Mar 1, 2012 |
| Socusoft Photo 2 Video v8.05 - Buffer Overflow Vulnerability | N/A | high | Feb 27, 2012 |
| DAMN Hash Calculator v1.5.1 Local Heap Overflow PoC | N/A | medium | Feb 21, 2012 |