Export limit exceeded: 82394 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (82394 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23375 | 1 Microsoft | 6 Odbc, Odbc Driver 17 For Sql Server, Odbc Driver 18 For Sql Server and 3 more | 2026-06-02 | 7.8 High |
| Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | ||||
| CVE-2026-10226 | 1 Raisulislamg4 | 1 Student Management System By Php | 2026-06-02 | 7.3 High |
| A flaw has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument user_id/course_id/teacher_id/student_id/application_id can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-10220 | 1 Nousresearch | 1 Hermes-agent | 2026-06-02 | 7.3 High |
| A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-25276 | 1 Qualcomm | 115 Cq8750m, Cq8750m Firmware, Fastconnect 6700 and 112 more | 2026-06-02 | 8.8 High |
| Memory corruption while using Strongbox due to missing bounds check. | ||||
| CVE-2026-10208 | 1 Code-projects | 1 Online Hospital Management System | 2026-06-02 | 7.3 High |
| A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function login_user of the file login_1.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. | ||||
| CVE-2026-25277 | 1 Qualcomm | 115 Cq8750m, Cq8750m Firmware, Fastconnect 6700 and 112 more | 2026-06-02 | 8.8 High |
| Memory corruption while using Strongbox due to buffer overflow. | ||||
| CVE-2026-8671 | 4 Avantra, Linux, Microsoft and 1 more | 4 Avantra, Linux Kernel, Windows and 1 more | 2026-06-02 | 7.5 High |
| Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0. | ||||
| CVE-2026-10188 | 1 Tenda | 2 W12, W12 Firmware | 2026-06-02 | 8.8 High |
| A flaw has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. | ||||
| CVE-2019-25718 | 1 Draeger | 1 Infinity Explorer C700 | 2026-06-02 | 8.4 High |
| Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause the device to display incorrect or no information from the connected Delta Family patient monitor. | ||||
| CVE-2026-10181 | 1 Trendnet | 1 Tew-432brp | 2026-06-02 | 8.8 High |
| A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-42344 | 1 Alkacon | 1 Opencms | 2026-06-02 | 7.3 High |
| Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet. | ||||
| CVE-2026-8293 | 2 Really-simple-plugins, Wordpress | 2 Really Simple Security, Wordpress | 2026-06-02 | 7.5 High |
| The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email OTP challenge. | ||||
| CVE-2026-1784 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2026-06-02 | 8.8 High |
| The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration. | ||||
| CVE-2026-42669 | 2 Theeventprime, Wordpress | 2 Eventprime, Wordpress | 2026-06-02 | 7.5 High |
| Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0. | ||||
| CVE-2022-37398 | 1 Asustor | 1 Adm | 2026-06-02 | 7.1 High |
| A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below. | ||||
| CVE-2022-34871 | 1 Centreon | 1 Centreon | 2026-06-02 | 7.2 High |
| This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335. | ||||
| CVE-2026-6957 | 1 Mattermost | 2 Legal Hold, Mattermost | 2026-06-02 | 8 High |
| Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via a malicious filename delivered through the shared-channel attachment sync protocol. Mattermost Advisory ID: MMSA-2026-00659 | ||||
| CVE-2026-42010 | 2 Gnu, Redhat | 6 Gnutls, Enterprise Linux, Hardened Images and 3 more | 2026-06-02 | 7.1 High |
| A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process. | ||||
| CVE-2026-42009 | 1 Redhat | 5 Enterprise Linux, Hardened Images, Hummingbird and 2 more | 2026-06-02 | 7.5 High |
| A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service. | ||||
| CVE-2025-15623 | 1 Sparxsystems | 2 Pro Cloud Server, Sparx Pro Cloud Server | 2026-06-02 | 7.5 High |
| Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations | ||||