6.7
CVE-2020-37121 - CODE::BLOCKS 16.01 - Buffer Overflow (SEH) UNICODE
CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist file with 536 bytes of buffer and shellcode to trigger remote code e…
8.4
CVE-2020-37120 - Rubo DICOM Viewer 2.0 - Buffer Overflow (SEH)
Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by overwriting SEH and tr…
8.4
CVE-2020-37119 - Nsauditor 3.2.1.0 - Buffer Overflow (SEH+ASLR bypass (3 bytes overwrite))
Nsauditor 3.0.28 and 3.2.1.0 contain a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a caref…
5.1
CVE-2020-37118 - P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin)
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authent…
8.6
CVE-2020-37117 - jizhiCMS 1.6.7 - Arbitrary File Download
jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger un…
8.8
CVE-2020-37151 - phpMyChat Plus 1.98 'deluser.php' SQL Injection
phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database i…
6.5
CVE-2025-14150 - IBM webMethods Integration Server is affected by
IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose sensitive user information in server responses.
5.1
CVE-2025-13491 - IBM App Connect Enterprise Certified Container Information Disclosure
IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.
8.6
CVE-2025-13379 - A SQL Injection vulnerability has been addressed in IBM Aspera Console
IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
5.4
CVE-2026-1927 - GreenShift - Animation and Page Builder Blocks <= 12.6 - Missing Authorization to Authenticated (Su…
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshift_app_pass_validation() function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, wit…