7.5
CVE-2025-66417 - GLPI has an unauthenticated SQL injection through the inventory endpoint
GLPI is a free asset and IT management software package. From 11.0.0, < 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3.
8.1
CVE-2025-66292 - DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface
DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. When a user logs into the administrative bβ¦
7.5
CVE-2025-64516 - GLPI incorrectly authorizes access to documents
GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed iβ¦
5.1
CVE-2021-47843 - Tagstoo 2.0.1 - Stored XSS to RCE
Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer.
9.3
CVE-2021-47819 - ProjeQtOr Project Management 9.1.4 - Remote Code Execution
ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded fiβ¦
8.5
CVE-2021-47799 - Visual Tools DVR VX16 4.2.28 - Local Privilege Escalation
Visual Tools DVR VX16 version 4.2.28 contains a local privilege escalation vulnerability in its Sudo configuration that allows attackers to gain root access. Attackers can exploit the unsafe Sudo settings by using mount commands to bind a shell, enabling unauthorized system-level privileges.
6.7
CVE-2021-47784 - Cyberfox Web Browser 52.9.1 - Denial of Service (PoC)
Cyberfox Web Browser 52.9.1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the search bar with excessive data. Attackers can generate a 9,000,000 byte payload and paste it into the search bar to trigger an application crash.
6.7
CVE-2021-47781 - Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial of Service (PoC)
Cmder Console Emulator 1.3.18 contains a buffer overflow vulnerability that allows attackers to trigger a denial of service condition through a maliciously crafted .cmd file. Attackers can create a specially constructed .cmd file with repeated characters to overwhelm the console emulator's buffer aβ¦
8.8
CVE-2021-47777 - Build Smart ERP 21.0817 - 'eidValue' SQL Injection (Unauthenticated)
Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads like ';WAITFOR DELAY '0:0:3'-- to manipulate database queries and potentially extract or modify databβ¦
6.9
CVE-2021-47776 - Umbraco v8.14.1 - 'baseUrl' SSRF
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardβ¦