Export limit exceeded: 355932 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355932 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4383 | 2026-06-05 | 9.3 Critical | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot allows Authentication Abuse, Authentication Bypass. This issue affects Wi-Fi Cloud Hotspot: before 30.05.2025. | ||||
| CVE-2026-9270 | 2026-06-05 | N/A | ||
| DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The send_stats method does not remove newlines from metric names ($stat variable), allowing attackers to change the metric name prefix. The send_stats method does not validate the content of the value ($delta variable), allowing attackers to inject metrics, especially from methods that do not restrict the data type for the value, such as set, gauge, count and histogram. The send_stats method does not validate the content of the tags, which may contain newlines, pipes and colons that allow metric injections. Note that the SYNOPSIS shows an example of passing a website form "loginName" parameter as a tag, which is unsafe. | ||||
| CVE-2025-4411 | 2026-06-05 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dataprom Informatics PACS-ACSS allows Cross-Site Scripting (XSS). This issue affects PACS-ACSS: before 16.05.2025. | ||||
| CVE-2025-4686 | 1 Kodmatic | 1 Online Exam And Assessment | 2026-06-05 | 8.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment allows SQL Injection. This issue affects Online Exam and Assessment: through 30012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4688 | 1 Bgs Interactive | 1 Sinav.link | 2026-06-05 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BGS Interactive SINAV.LINK Exam Result Module allows SQL Injection. This issue affects SINAV.LINK Exam Result Module: before 1.2. | ||||
| CVE-2026-10973 | 1 Google | 1 Chrome | 2026-06-05 | N/A |
| Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-11369 | 1 Linqi | 1 Linqi | 2026-06-05 | N/A |
| The Comment API (GET /api/Comment and POST /api/Comment) in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by the relatedObjectId. This Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to read and write comments on any process across all business units by supplying an arbitrary object GUID. | ||||
| CVE-2025-4738 | 2026-06-05 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ERP allows SQL Injection. This issue affects MY ERP: before 1.170. | ||||
| CVE-2025-4763 | 1 Aida | 1 Hotel Guest Hotspot | 2026-06-05 | 5.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS. This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4764 | 1 Aida | 1 Hotel Guest Hotspot | 2026-06-05 | 8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection. This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4784 | 1 Moderec | 1 Tourtella | 2026-06-05 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Moderec Tourtella allows SQL Injection. This issue affects Tourtella: before 26.05.2025. | ||||
| CVE-2025-4822 | 2026-06-05 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bayraktar Solar Energies ScadaWatt Otopilot allows SQL Injection. This issue affects ScadaWatt Otopilot: before 27.05.2025. | ||||
| CVE-2025-5243 | 2026-06-05 | 10 Critical | ||
| Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information Portal: before 13.06.2025. | ||||
| CVE-2025-5253 | 2026-06-05 | 6.5 Medium | ||
| Allocation of Resources Without Limits or Throttling vulnerability in Kron Technologies Kron PAM allows HTTP DoS. This issue affects Kron PAM: before 3.7. | ||||
| CVE-2025-5254 | 2026-06-05 | 6.1 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kron Technologies Kron PAM allows Stored XSS. This issue affects Kron PAM: before 3.7. | ||||
| CVE-2026-26832 | 1 Zapolnoch | 2 Node-tesseract-ocr, Tesseract Ocr | 2026-06-05 | 9.8 Critical |
| node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize() function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to child_process.exec() without proper sanitization | ||||
| CVE-2025-5260 | 2026-06-05 | 8.6 High | ||
| Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery. This issue affects Pik Online: before 3.1.5. | ||||
| CVE-2026-10879 | 2026-06-05 | N/A | ||
| DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require four characters, 100-999 require five characters, et cetera. | ||||
| CVE-2026-21026 | 1 Samsung | 1 Mobile Devices | 2026-06-05 | N/A |
| Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information. | ||||
| CVE-2025-5261 | 2026-06-05 | 7.5 High | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Exploitation of Trusted Identifiers. This issue affects Pik Online: before 3.1.5. | ||||