8.8

CVSS3.1

CVE-2026-1580 - ingress-nginx auth-method nginx configuration injection

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t…

📅 Published: Feb. 3, 2026, 10:16 p.m. 🔄 Last Modified: April 18, 2026, midnight

3.3

CVSS3.1

CVE-2025-33081 - Multiple Vulnerabilities in IBM Concert Software.

IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user.

📅 Published: Feb. 3, 2026, 10:14 p.m. 🔄 Last Modified: Feb. 11, 2026, 6:57 p.m.

5.4

CVSS3.1

CVE-2025-36033 - IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site …

IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScrip…

📅 Published: Feb. 3, 2026, 10:12 p.m. 🔄 Last Modified: Feb. 25, 2026, 6:55 p.m.

5.1

CVSS4.0

CVE-2020-37087 - Easy Transfer 1.7 for iOS - Persistent Cross-Site Scripting

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input validat…

📅 Published: Feb. 3, 2026, 10:09 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.6

CVSS4.0

CVE-2020-37084 - School ERP Pro 1.0 Admin Profile Photo Upload Remote Code Execution Vulnerability

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the serv…

📅 Published: Feb. 3, 2026, 10:09 p.m. 🔄 Last Modified: March 5, 2026, 1:27 a.m.

5.4

CVSS3.1

CVE-2025-36094 - Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes f…

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to the improper validation of input length.

📅 Published: Feb. 3, 2026, 10:06 p.m. 🔄 Last Modified: Feb. 25, 2026, 6:52 p.m.

8.7

CVSS4.0

CVE-2020-37097 - Edimax EW-7438RPn 1.13 - Information Disclosure (WiFi Password)

Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored in device configura…

📅 Published: Feb. 3, 2026, 10:01 p.m. 🔄 Last Modified: March 5, 2026, 1:27 a.m.

5.1

CVSS4.0

CVE-2020-37096 - Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Filtering)

Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC addresses to the device's filtering rules without their consent.

📅 Published: Feb. 3, 2026, 10:01 p.m. 🔄 Last Modified: March 5, 2026, 1:27 a.m.

8.7

CVSS4.0

CVE-2020-37094 - EspoCRM 5.8.5 - Privilege Escalation

EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access to administrative user information and priv…

📅 Published: Feb. 3, 2026, 10:01 p.m. 🔄 Last Modified: April 7, 2026, 2:05 p.m.

8.7

CVSS4.0

CVE-2020-37093 - Netis E1+ 1.2.32533 - Unauthenticated WiFi Password Leak

Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network credentials including SSID and WiFi passwords in …

📅 Published: Feb. 3, 2026, 10:01 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.