Export limit exceeded: 82422 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (82422 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10293 | 1 Utt | 1 Hiper 1200gw | 2026-06-02 | 8.8 High |
| A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the argument Profile causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2026-10290 | 1 Code-projects | 1 Hotel And Tourism Reservation System | 2026-06-02 | 7.3 High |
| A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-7770 | 1 Ibm | 1 I Access Family | 2026-06-02 | 8.8 High |
| IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator. | ||||
| CVE-2018-25432 | 1 Armcode | 1 Arm Whois | 2026-06-02 | 8.4 High |
| Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through exception handler hijacking. | ||||
| CVE-2024-7837 | 1 Firmanet | 1 Erp | 2026-06-02 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Firmanet Software ERP allows SQL Injection. This issue affects ERP: through 22.11.2024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7872 | 1 Extremepacs | 1 Extreme Xds | 2026-06-02 | 7.6 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in ExtremePACS Extreme XDS allows Retrieve Embedded Sensitive Data. This issue affects Extreme XDS: before 3933. | ||||
| CVE-2024-8261 | 1 Prolizyazilim | 1 Student Affairs Information System | 2026-06-02 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Proliz Software OBS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OBS: before 24.0927. | ||||
| CVE-2024-8609 | 1 Oceanicsoft | 1 Valeapp | 2026-06-02 | 7.5 High |
| Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information. This issue affects ValeApp: before v2.0.0. | ||||
| CVE-2024-8644 | 1 Oceanicsoft | 1 Valeapp | 2026-06-02 | 7.5 High |
| Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: before v2.0.0. | ||||
| CVE-2024-9149 | 2026-06-02 | 8.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection. This issue affects E-Commerce Website Template: before v1.5. | ||||
| CVE-2024-9334 | 2026-06-02 | 8.2 High | ||
| Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass. This issue affects Pallium Vehicle Tracking: before 17.10.2024. | ||||
| CVE-2024-11142 | 1 Proticaret | 1 Proticaret | 2026-06-02 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery. This issue affects Proticaret E-Commerce: before v6.0 NOTE: According to the vendor, fixing process is still ongoing for v4.05. | ||||
| CVE-2024-11216 | 2026-06-02 | 7.6 High | ||
| Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in PozitifIK Pik Online allows Account Footprinting, Session Hijacking. This issue affects Pik Online: before 3.1.5. | ||||
| CVE-2025-26597 | 3 Redhat, Tigervnc, X.org | 9 Enterprise Linux, Rhel Aus, Rhel E4s and 6 more | 2026-06-02 | 7.8 High |
| A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size. | ||||
| CVE-2026-49372 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | 7.5 High |
| In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible | ||||
| CVE-2026-49371 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | 7.1 High |
| In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible | ||||
| CVE-2026-46243 | 1 Linux | 2 Kernel, Linux Kernel | 2026-06-02 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating inputs. However, userspace can also create keys of this type through request_key(2) or add_key(2), allowing those fields to be supplied without CIFS origin. Only accept cifs.spnego descriptions while CIFS is using its private spnego_cred to request the key. | ||||
| CVE-2026-45662 | 1 Dokploy | 1 Dokploy | 2026-06-02 | 8.8 High |
| Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.0 and earlier, the deleteRegistry function in Dokploy (packages/server/src/services/registry.ts) executes docker logout ${response.registryUrl} without shell escaping. In the same file, the docker login command correctly uses shEscape() to prevent command injection. This inconsistency creates a command injection vulnerability when deleting a registry with a crafted registryUrl. | ||||
| CVE-2026-10164 | 1 Edimax | 2 Br-6478ac, Br-6478ac Firmware | 2026-06-02 | 8.8 High |
| A vulnerability was found in Edimax BR-6478AC 1.23. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. The manipulation of the argument ShareName/SelectName results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-10163 | 1 Edimax | 2 Br-6478ac, Br-6478ac Firmware | 2026-06-02 | 8.8 High |
| A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. The manipulation of the argument UserName/Password leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||