8.8

CVSS3.1

CVE-2025-14929 - Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Cod…

Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vul…

📅 Published: Dec. 23, 2025, 9:04 p.m. 🔄 Last Modified: Jan. 21, 2026, 4:38 p.m.

9.3

CVSS4.0

CVE-2025-15045 - Tenda WH450 HTTP Request Natlimit stack-based overflow

A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. Manipulation of the argument page causes a stack-based buffer overflow. The attack can be initiated remotely. The exploit has b…

📅 Published: Dec. 23, 2025, 9:02 p.m. 🔄 Last Modified: Feb. 24, 2026, 6:03 a.m.

9.3

CVSS4.0

CVE-2025-15044 - Tenda WH450 NatStaticSetting stack-based overflow

A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. Manipulation of the argument page results in a stack-based buffer overflow. The attack may be performed remotely. The exploit is now public and may be used.

📅 Published: Dec. 23, 2025, 8:32 p.m. 🔄 Last Modified: Feb. 24, 2026, 6:02 a.m.

5.1

CVSS4.0

CVE-2021-47737 - CSZ CMS 1.2.7 HTML Injection Vulnerability via Member Dashboard

CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks.

📅 Published: Dec. 23, 2025, 7:35 p.m. 🔄 Last Modified: April 7, 2026, 2:05 p.m.

5.1

CVSS4.0

CVE-2021-47733 - CMSimple 5.4 Cross-Site Scripting via HTML Unicode Encoding

CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like ')-alert(1)// and execute arbitrary JavaScript when victims interact with delete buttons.

📅 Published: Dec. 23, 2025, 7:35 p.m. 🔄 Last Modified: April 7, 2026, 2:05 p.m.

5.1

CVSS4.0

CVE-2021-47716 - Orangescrum 1.8.0 Cross-Site Scripting via Authenticated Endpoints

Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CS_message', and 'name' to execute arbitrary JavaScript code in victim's browser…

📅 Published: Dec. 23, 2025, 7:35 p.m. 🔄 Last Modified: April 7, 2026, 2:05 p.m.

9.3

CVSS4.0

CVE-2023-53982 - PMB 7.4.6 SQL Injection Vulnerability via Unsanitized Storage Parameter

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based…

📅 Published: Dec. 23, 2025, 7:34 p.m. 🔄 Last Modified: March 5, 2026, 12:03 p.m.

8.5

CVSS4.0

CVE-2021-47739 - Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation via Unquoted Service Path

Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute wit…

📅 Published: Dec. 23, 2025, 7:34 p.m. 🔄 Last Modified: Dec. 29, 2025, 3:58 p.m.

5.1

CVSS4.0

CVE-2021-47738 - CSZ CMS 1.2.7 Persistent Cross-Site Scripting via Private Messaging

CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend dashb…

📅 Published: Dec. 23, 2025, 7:34 p.m. 🔄 Last Modified: April 7, 2026, 2:05 p.m.

8.6

CVSS4.0

CVE-2021-47736 - CMSimple_XH 1.7.4 Authenticated Remote Code Execution via Content Editing

CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitrar…

📅 Published: Dec. 23, 2025, 7:34 p.m. 🔄 Last Modified: Jan. 5, 2026, 2:15 p.m.