Export limit exceeded: 356046 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (356046 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6830 | 1 Xpoda Turkiye Information Technology | 1 Xpoda Studio | 2026-06-05 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpoda Türkiye Information Technology Inc. Password Module allows SQL Injection. This issue affects Password Module: through 11022026. | ||||
| CVE-2025-6918 | 1 Ncvav | 1 Virtual Pbx Software | 2026-06-05 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncvav Virtual PBX Software allows SQL Injection. This issue affects Virtual PBX Software: before 09.07.2025. | ||||
| CVE-2025-6919 | 2026-06-05 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection. This issue affects Aykome License Tracking System: before Version dated 06.10.2025. | ||||
| CVE-2025-6923 | 1 Talentsoft | 1 Unis | 2026-06-05 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS. This issue affects UNIS: before 42957. | ||||
| CVE-2025-6924 | 1 Talentsoftware | 1 Bap Automation | 2026-06-05 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software e-BAP Automation allows Reflected XSS. This issue affects e-BAP Automation: before 42957. | ||||
| CVE-2025-6967 | 1 Sarman Soft Software And Technology Services Industry And Trade Ltd. Co. | 1 Cms | 2026-06-05 | 8.7 High |
| Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass. This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5525 | 2 Notepad++, Notepad-plus-plus | 3 Notepad++, Notepad++, Notepad\+\+ | 2026-06-05 | 6 Medium |
| A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash (STATUS_STACK_BUFFER_OVERRUN). | ||||
| CVE-2025-7013 | 2 Qr Menu Pro Smart Menu Systems, Qrmenumpro | 2 Menu Panel, Menu Panel | 2026-06-05 | 5.7 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers. This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-46579 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2026-06-05 | 7.4 High |
| A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted `X-SSL-Client-*` headers. As a result, backends relying on these headers for mutual TLS (Transport Layer Security) authentication can be bypassed, enabling the attacker to impersonate client certificate identities. | ||||
| CVE-2026-42965 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2026-06-05 | 7.7 High |
| A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud metadata endpoint, leading to the disclosure of instance credentials and other sensitive metadata. This bypasses previous security measures for validating IP addresses. | ||||
| CVE-2025-7014 | 2 Qr Menu Pro Smart Menu Systems, Qrmenumpro | 2 Menu Panel, Menu Panel | 2026-06-05 | 5.7 Medium |
| Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking. This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7015 | 1 Akinsoft | 1 Qr Menu | 2026-06-05 | 5.7 Medium |
| Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Session Fixation. This issue affects QR Menu: before s1.05.12. | ||||
| CVE-2025-7016 | 1 Akinsoft | 1 Qr Menu | 2026-06-05 | 8 High |
| Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Authentication Abuse. This issue affects QR Menu: before s1.05.12. | ||||
| CVE-2026-40989 | 2 Spring, Vmware | 2 Spring Cloud Function, Spring Cloud Function | 2026-06-05 | 5.7 Medium |
| Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud Function 4.3.x: versions prior to 4.3.3 Spring Cloud Function 5.0.x: versions prior to 5.0.2 Older, unsupported versions are also affected. | ||||
| CVE-2025-7047 | 1 Utarit | 1 Soliclub | 2026-06-05 | 4.3 Medium |
| Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse. This issue affects SoliClub: before 5.3.7. | ||||
| CVE-2025-7347 | 1 Dinibh Puzzle Software Solutions | 1 Dinibh Patrol Tracking System | 2026-06-05 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers. This issue affects Dinibh Patrol Tracking System: through 10022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7355 | 1 Beefull Energy | 1 Beefull App | 2026-06-05 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Beefull Energy Technologies Beefull App allows Exploitation of Trusted Identifiers. This issue affects Beefull App: before 24.07.2025. | ||||
| CVE-2026-40990 | 2 Spring, Vmware | 2 Spring Cloud Function, Spring Cloud Function | 2026-06-05 | 5.7 Medium |
| OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud Function 4.3.x: versions prior to 4.3.3 Spring Cloud Function 5.0.x: versions prior to 5.0.2 Older, unsupported versions are also affected. | ||||
| CVE-2025-7358 | 1 Utarit | 1 Soliclub | 2026-06-05 | 7.5 High |
| Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Authentication Abuse. This issue affects SoliClub: before 5.3.7. | ||||
| CVE-2025-7630 | 1 Doruk Communication And Automation Industry And Trade Inc. | 1 Wispotter | 2026-06-05 | 5.3 Medium |
| Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, Brute Force. This issue affects Wispotter: from 1.0 before v2025.10.08.1. | ||||