Export limit exceeded: 354956 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (354956 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34000 | 2 Redhat, X.org | 10 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 7 more | 2026-06-02 | 6.1 Medium |
| A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server. | ||||
| CVE-2026-33999 | 1 Redhat | 8 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 5 more | 2026-06-02 | 7.8 High |
| A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts. | ||||
| CVE-2024-7872 | 1 Extremepacs | 1 Extreme Xds | 2026-06-02 | 7.6 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in ExtremePACS Extreme XDS allows Retrieve Embedded Sensitive Data. This issue affects Extreme XDS: before 3933. | ||||
| CVE-2024-7873 | 1 Veribilim Software | 1 Veribase Order Management | 2026-06-02 | N/A |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE - 83 Improper Neutralization of Script in Attributes in a Web Page vulnerability in Veribilim Software Veribase Order allows Stored XSS, Cross-Site Scripting (XSS), Exploit Script-Based APIs, XSS Through HTTP Headers. This issue affects Veribase Order: before v4.010.3. | ||||
| CVE-2024-7882 | 1 Special Minds | 1 E-commerce | 2026-06-02 | 6.5 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Special Minds Design and Software e-Commerce allows SQL Injection. This issue affects e-Commerce: before 22.11.2024. | ||||
| CVE-2024-8074 | 2026-06-02 | N/A | ||
| Missing Authentication for Critical Function, Missing Authorization vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users. This issue affects Nomysem: before 13.10.2024. | ||||
| CVE-2024-8259 | 1 Eryaz Information Technologies | 1 Natracar B2b Dealer Management Program | 2026-06-02 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection. This issue affects NatraCar B2B Dealer Management Program: through 09.12.2024. NOTE: The vendor was contacted and it was learned that the product is not supported. | ||||
| CVE-2024-8261 | 1 Prolizyazilim | 1 Student Affairs Information System | 2026-06-02 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Proliz Software OBS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OBS: before 24.0927. | ||||
| CVE-2024-8262 | 1 Prolizyazilim | 1 Student Affairs Information System | 2026-06-02 | 9.8 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Proliz Software OBS allows Path Traversal. This issue affects OBS: before 24.0927. | ||||
| CVE-2025-13593 | 1 Synology | 1 Activeprotect Agent | 2026-06-02 | 6.1 Medium |
| Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation. | ||||
| CVE-2024-8429 | 2026-06-02 | 4.3 Medium | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials. This issue affects WiFiBurada: before 1.0.5. | ||||
| CVE-2024-8475 | 2026-06-02 | 6.5 Medium | ||
| Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables. This issue affects WiFiBurada: before 1.0.5. | ||||
| CVE-2024-8607 | 1 Oceanicsoft | 1 Valeapp | 2026-06-02 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection. This issue affects ValeApp: before v2.0.0. | ||||
| CVE-2024-8608 | 1 Oceanicsoft | 1 Valeapp | 2026-06-02 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oceanic Software ValeApp allows Stored XSS. This issue affects ValeApp: before v2.0.0. | ||||
| CVE-2024-8609 | 1 Oceanicsoft | 1 Valeapp | 2026-06-02 | 7.5 High |
| Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information. This issue affects ValeApp: before v2.0.0. | ||||
| CVE-2024-8643 | 1 Oceanicsoft | 1 Valeapp | 2026-06-02 | 9.8 Critical |
| Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking. This issue affects ValeApp: before v2.0.0. | ||||
| CVE-2024-8644 | 1 Oceanicsoft | 1 Valeapp | 2026-06-02 | 7.5 High |
| Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: before v2.0.0. | ||||
| CVE-2024-8781 | 1 Tr7cyberdefense | 1 Asp | 2026-06-02 | N/A |
| Execution with Unnecessary Privileges, : Improper Protection of Alternate Path vulnerability in TR7 Application Security Platform (ASP) allows Privilege Escalation, -Privilege Abuse. This issue affects Application Security Platform (ASP): v1.4.25.188. | ||||
| CVE-2024-8950 | 2026-06-02 | 9.9 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection. This issue affects Piramit Automation: before 27.09.2024. | ||||
| CVE-2024-8972 | 2026-06-02 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection. This issue affects Saha365 App: before 30.09.2024. | ||||