Search Results (356981 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9342 | | | 2026-06-05 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Anadolu Hayat Emeklilik Inc. AHE Mobile allows Privilege Abuse. This issue affects AHE Mobile: from 1.9.7 before 1.9.9. | ||||
| CVE-2025-9588 | 2 Ironmountain, Linux | 2 Envision, Linux Kernel | 2026-06-05 | 10 Critical |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. EnVision allows Command Injection. This issue affects enVision: before 250563. | ||||
| CVE-2025-9798 | 1 Netcad | 1 Netigma | 2026-06-05 | 8.9 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc. Netigma allows Stored XSS. This issue affects Netigma: from 6.3.3 before 6.3.5 V8. | ||||
| CVE-2025-9846 | 1 Talentsys | 1 Inka Net | 2026-06-05 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection. This issue affects Inka.Net: before 6.7.1. | ||||
| CVE-2025-9902 | | | 2026-06-05 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse. This issue affects QRMenu: from 1.05.12 before Version dated 05.09.2025. | ||||
| CVE-2025-9953 | 1 Database Software Training Consulting Ltd. | 1 Databank Accreditation Software | 2026-06-05 | 9.8 Critical |
| Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection. This issue affects Databank Accreditation Software: through 19022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-9969 | | | 2026-06-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vizly Web Design Real Estate Packages allows Content Spoofing, CAPEC - 593 - Session Hijacking, CAPEC - 591 - Reflected XSS. This issue affects Real Estate Packages: before 5.1. | ||||
| CVE-2025-9986 | 1 Vadi Corporate Information Systems | 1 Digikent | 2026-06-05 | 8.2 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation. This issue affects DIGIKENT: through 13092025. | ||||
| CVE-2025-10024 | 1 Exert | 1 Education Management System | 2026-06-05 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education Management System: through 23.09.2025. | ||||
| CVE-2025-10161 | 1 Turkguven | 1 Perfektive | 2026-06-05 | 7.3 High |
| Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass. This issue affects Perfektive: before Version: 12574 Build: 2701. | ||||
| CVE-2026-42250 | 1 Bzip | 1 Bzip2 | 2026-06-05 | 5.0 Medium |
| bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service). This issue was fixed in bzip2 patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67 | ||||
| CVE-2025-10174 | 1 Pan Software & Information Technologies | 1 Pancafe Pro | 2026-06-05 | 8.3 High |
| Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding. This issue affects PanCafe Pro: from < 3.3.2 through 23092025. | ||||
| CVE-2025-10228 | 1 Rolantis Information Technologies | 1 Agentis | 2026-06-05 | 8.8 High |
| Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking. This issue affects Agentis: before 4.44. | ||||
| CVE-2025-10437 | 1 Eksagate | 1 Webpack Management System | 2026-06-05 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. Webpack Management System allows SQL Injection. This issue affects Webpack Management System: through 20251119. | ||||
| CVE-2025-10438 | | | 2026-06-05 | 8.6 High |
| Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Katalog allows Path Traversal. This issue affects Yordam Katalog: before 21.7. | ||||
| CVE-2026-36576 | 1 Openlabs | 1 Docker-wkhtmltopdf-aas | 2026-06-05 | 9.8 Critical |
| An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request. | ||||
| CVE-2026-36748 | 1 Sparkdevnetwork | 1 Rock Rms | 2026-06-05 | 9 Critical |
| RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile. | ||||
| CVE-2026-36602 | 1 Mercusys | 1 Ac12g | 2026-06-05 | 4.3 Medium |
| Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 discloses kernel memory layout via the UPnP GetStatusInfo action. An unauthenticated attacker on the adjacent network can obtain a raw MIPS KSEG0 kernel pointer, revealing kernel memory layout and aiding further exploitation. | ||||
| CVE-2026-36603 | 1 Mercusys | 1 Ac12g | 2026-06-05 | 8.1 High |
| Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary port forwarding rules and access WAN traffic statistics. | ||||
| CVE-2026-36604 | 1 Mercusys | 1 Ac12g | 2026-06-05 | 6.5 Medium |
| Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability (Access-Control-Allow-Origin: *) to internet-originated attacks. | ||||