5.4
CVE-2025-36033 - IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site β¦
IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScripβ¦
5.1
CVE-2020-37087 - Easy Transfer 1.7 for iOS - Persistent Cross-Site Scripting
Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input validatβ¦
8.6
CVE-2020-37084 - School ERP Pro 1.0 Admin Profile Photo Upload Remote Code Execution Vulnerability
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the servβ¦
5.4
CVE-2025-36094 - Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes fβ¦
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to the improper validation of input length.
8.7
CVE-2020-37097 - Edimax EW-7438RPn 1.13 - Information Disclosure (WiFi Password)
Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored in device configuraβ¦
5.1
CVE-2020-37096 - Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Filtering)
Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC addresses to the device's filtering rules without their consent.
8.7
CVE-2020-37094 - EspoCRM 5.8.5 - Privilege Escalation
EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access to administrative user information and privβ¦
8.7
CVE-2020-37093 - Netis E1+ 1.2.32533 - Unauthenticated WiFi Password Leak
Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network credentials including SSID and WiFi passwords in β¦
9.3
CVE-2020-37092 - Netis E1+ 1.2.32533 - Backdoor Account (root)
Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device.
5.1
CVE-2020-37091 - Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin)
Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FAQ β¦