4.6
CVE-2019-25350 - XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service
XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the application by loading a specially crafted .m3u playlist file. Attackers can create a malicious .m3u file with an oversized buffer to trigger an application crash when the file is opened.
4.6
CVE-2019-25349 - scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service
ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices.
4.6
CVE-2019-25326 - ipPulse 1.92 - 'Enter Key' Denial of Service
ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte buffer of repeated 'A' characters to trigger an application crash when pasting the malicious content.
5.3
CVE-2026-2672 - Tsinghua Unigroup Electronic Archives System downLoad download path traversal
A security flaw has been discovered in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is the function Download of the file /Search/Subject/downLoad. Performing a manipulation of the argument path results in path traversal. The attack is possible to beβ¦
8.7
CVE-2026-27181 - MajorDoMo Unauthenticated Module Uninstall via Market Endpoint
MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin() method reads gr('mode') from $_REQUEST and assigns it to $this->mode at the start of execution, making all mode-gated code paths reachable without authβ¦
9.3
CVE-2026-27180 - MajorDoMo Supply Chain Remote Code Execution via Update URL Poisoning
MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin() method through the /objects/?module=saverestore endpoint without authentication because it uses gr('mode'β¦
8.8
CVE-2026-27179 - MajorDoMo Unauthenticated SQL Injection in Commands Module
MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the commands module. The commands_search.inc.php file directly interpolates the $_GET['parent'] parameter into multiple SQL queries without sanitization or parameterized queries. The commands module is β¦
5.3
CVE-2026-27178 - MajorDoMo Stored Cross-Site Scripting via Method Parameters to Shoutbox
MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability through method parameter injection into the shoutbox. The /objects/?method= endpoint allows unauthenticated execution of stored methods with attacker-controlled parameters. Default methods such as ThisCβ¦
5.3
CVE-2026-27177 - MajorDoMo Stored Cross-Site Scripting via Property Set Endpoint
MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability via the /objects/?op=set endpoint, which is intentionally unauthenticated for IoT device integration. User-supplied property values are stored raw in the database without sanitization. When an administrβ¦
5.1
CVE-2026-27176 - MajorDoMo Reflected Cross-Site Scripting in command.php
MajorDoMo (aka Major Domestic Module) contains a reflected cross-site scripting (XSS) vulnerability in command.php. The $qry parameter is rendered directly into the HTML page without sanitization via htmlspecialchars(), both in an input field value attribute and in a paragraph element. An attacker β¦