Export limit exceeded: 357188 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 357188 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 83208 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (83208 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4993 | 1 Utarit | 2 Solipay Mobile, Solipay Mobile App | 2026-05-20 | 7.5 High |
| Incorrect Use of Privileged APIs vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users. This issue affects SoliPay Mobile App: before 5.0.8. | ||||
| CVE-2023-6515 | 1 Miateknoloji | 1 Mia-med | 2026-05-20 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse. This issue affects MİA-MED: before 1.0.7. | ||||
| CVE-2023-6517 | 1 Miateknoloji | 1 Mia-med | 2026-05-20 | 7.5 High |
| Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users. This issue affects MİA-MED: before 1.0.7. | ||||
| CVE-2023-6518 | 1 Miateknoloji | 1 Mia-med | 2026-05-20 | 7.5 High |
| Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7. | ||||
| CVE-2023-6519 | 1 Miateknoloji | 1 Mia-med | 2026-05-20 | 7.5 High |
| Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7. | ||||
| CVE-2023-6522 | 1 Extremepacs | 1 Extreme Xds | 2026-05-20 | 7.2 High |
| Incorrect Use of Privileged APIs vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3914. | ||||
| CVE-2023-6523 | 1 Extremepacs | 1 Extreme Xds | 2026-05-20 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows Authentication Abuse. This issue affects Extreme XDS: before 3914. | ||||
| CVE-2025-51427 | 1 Modelscope | 1 Modelscope | 2026-05-20 | 7.3 High |
| An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module']. | ||||
| CVE-2025-70950 | 1 Itang | 1 Gohttp | 2026-05-20 | 7.3 High |
| An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request. | ||||
| CVE-2026-36828 | 1 Panabit | 1 Pap-xm320 | 2026-05-20 | 8.8 High |
| A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter. | ||||
| CVE-2026-47100 | 2 Funnelkit, Wordpress | 2 Funnel Builder For Woocommerce Checkout, Wordpress | 2026-05-20 | 7.5 High |
| Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject malicious JavaScript through the External Scripts setting that executes in the browsers of all checkout page visitors. | ||||
| CVE-2026-8073 | 2 Themeum, Wordpress | 2 Kirki – Freeform Page Builder, Website Builder & Customizer, Wordpress | 2026-05-20 | 7.5 High |
| The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for unauthenticated attackers to read and delete arbitrary files limited in the WordPress uploads base directory. | ||||
| CVE-2025-68065 | 2 Liquidthemes, Wordpress | 2 Hub, Wordpress | 2026-05-20 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LiquidThemes Hub Core allows PHP Local File Inclusion. This issue affects Hub Core: from n/a before 6.0.2. | ||||
| CVE-2026-27173 | 1 Apache | 1 Airflow Cncf Kubernetes | 2026-05-20 | 8.7 High |
| JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks. | ||||
| CVE-2026-7467 | 2 Edmonsoft, Wordpress | 2 Read More & Accordion, Wordpress | 2026-05-20 | 8.8 High |
| The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported data. This makes it possible for authenticated attackers, with permission granted by the site owner through the plugin's role settings, to insert arbitrary rows into the 'wp_users' and 'wp_usermeta' tables, including the 'wp_capabilities' field, allowing them to create a new administrator account and gain administrator access to the site. | ||||
| CVE-2023-6676 | 1 Nationalkeep | 1 Cybermath | 2026-05-20 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery. This issue affects CyberMath: from v1.4 before v1.5. | ||||
| CVE-2023-6724 | 1 Simgesel | 1 Hearing Tracking System | 2026-05-20 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0. | ||||
| CVE-2023-6919 | 1 Biges | 18 Vg-255-bv, Vg-255-bv Firmware, Vg-255-df and 15 more | 2026-05-20 | 7.5 High |
| Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal. This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C. | ||||
| CVE-2022-24036 | 1 Karmasis | 1 Infraskope Siem\+ | 2026-05-20 | 8.6 High |
| Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs. | ||||
| CVE-2022-24037 | 1 Karmasis | 1 Infraskope Siem\+ | 2026-05-20 | 8.2 High |
| Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to obtain critical information. | ||||