|
71
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar Message field. Att…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47957
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
72
|
8.2 |
HIGH
Network
|
-
|
-
|
EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers…
New
|
CWE-89
SQL Injection
|
CVE-2021-47956
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
73
|
5.4 |
MEDIUM
Network
|
-
|
-
|
CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47955
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
74
|
8.2 |
HIGH
Network
|
-
|
-
|
LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can send…
New
|
CWE-89
SQL Injection
|
CVE-2021-47954
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
75
|
9.8 |
CRITICAL
Network
|
-
|
-
|
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. …
New
|
CWE-94
Code Injection
|
CVE-2021-47952
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
76
|
7.5 |
HIGH
Network
|
-
|
-
|
Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoi…
New
|
CWE-22
Path Traversal
|
CVE-2021-47942
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
77
|
5.3 |
MEDIUM
Network
|
-
|
-
|
MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and …
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47934
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
78
|
7.8 |
HIGH
Local
|
-
|
-
|
Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers …
New
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-37247
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
79
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers ca…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2020-37246
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
80
|
7.5 |
HIGH
Network
|
-
|
-
|
Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequ…
New
|
CWE-79
Cross-site Scripting
|
CVE-2020-37245
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
