Export limit exceeded: 355183 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355183 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7071 | 2 Brain Information Technologies, Brainlowcode | 2 Brain Low-code, Brain Low-code | 2026-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection. This issue affects Brain Low-Code: before 2.1.0. | ||||
| CVE-2024-7076 | 2 Semtek, Semtekyazilim | 2 Sempos, Semtek Sempos | 2026-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection. This issue affects Semtek Sempos: through 31072024. | ||||
| CVE-2024-7077 | 1 Semtekyazilim | 1 Semtek Sempos | 2026-06-03 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Reflected XSS. This issue affects Semtek Sempos: through 31072024. | ||||
| CVE-2024-7078 | 2 Semtek, Semtekyazilim | 2 Sempos, Semtek Sempos | 2026-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection. This issue affects Semtek Sempos: through 31072024. | ||||
| CVE-2024-7098 | 2 Sfs, Sfs Consulting | 2 Winsure, Wwwinsure | 2026-06-03 | 9.8 Critical |
| Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection. This issue affects ww.Winsure: before 4.6.2. | ||||
| CVE-2024-7104 | 2 Sfs, Sfs Consulting | 2 Winsure, Wwwinsure | 2026-06-03 | 9.8 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection. This issue affects ww.Winsure: before 4.6.2. | ||||
| CVE-2024-7107 | 1 Nationalkeep | 1 Cybermath | 2026-06-03 | 7.5 High |
| Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations. This issue affects CyberMath: before CYBM.240816253. | ||||
| CVE-2024-7108 | 1 Nationalkeep | 1 Cybermath | 2026-06-03 | 9.8 Critical |
| Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CyberMath: before CYBM.240816253. | ||||
| CVE-2024-7130 | 2026-06-03 | 5.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kion Computer KION Exchange Programs Software allows Reflected XSS. This issue affects KION Exchange Programs Software: before 1.21.9092.29966. | ||||
| CVE-2024-7488 | 1 Restapp | 1 Online Ordering System | 2026-06-03 | 5.3 Medium |
| Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks. This issue affects Online Ordering System: 8.2.1. NOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1. | ||||
| CVE-2024-7609 | 1 Vidco | 1 Voc Tester | 2026-06-03 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal. This issue affects VOC TESTER: before 12.34.8. | ||||
| CVE-2024-7735 | 1 Exnet Informatics Software | 1 Ferry Reservation System | 2026-06-03 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Exnet Informatics Software Ferry Reservation System allows SQL Injection. This issue affects Ferry Reservation System: before 240805-002. | ||||
| CVE-2026-5119 | 2 Gnome, Redhat | 8 Libsoup, Enterprise Linux, Enterprise Linux Eus and 5 more | 2026-06-03 | 5.9 Medium |
| A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation. | ||||
| CVE-2024-7785 | 2026-06-03 | N/A | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting (XSS). This issue affects Electronic Ticket System: before 2024.08. | ||||
| CVE-2024-7787 | 2026-06-03 | N/A | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ITG Computer Technology vSRM Supplier Relationship Management System allows Reflected XSS, Cross-Site Scripting (XSS). This issue affects vSRM Supplier Relationship Management System: before 28.08.2024. | ||||
| CVE-2024-7835 | 1 Exnet Informatics Software | 1 Ferry Reservation System | 2026-06-03 | N/A |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Exnet Informatics Software Ferry Reservation System allows Reflected XSS. This issue affects Ferry Reservation System: before 240805-002. | ||||
| CVE-2026-5076 | 2 Armember, Wordpress | 2 Armember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User Signup, Wordpress | 2026-06-03 | 9.8 Critical |
| The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the `arm_reset_password_key` user meta field when a user requests a password reset. This is in addition to the hashed key that WordPress core stores securely in `wp_users.user_activation_key`. The plaintext key stored in `wp_usermeta` can be used with the plugin's custom `armrp` reset action to set a new password for any user. Combined with another vulnerability such as SQL Injection (CVE-2026-5073, CVE-2026-5074), this makes it possible for unauthenticated attackers to extract the plaintext reset key and take over any user account, including administrators. | ||||
| CVE-2026-5074 | 2 Armember, Wordpress | 2 Armember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User Signup, Wordpress | 2026-06-03 | 6.5 Medium |
| The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0' parameter of the `get_private_content_data` AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into the ORDER BY clause of an SQL query without a whitelist check. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note: The vulnerability can only be exploited if the "User Private Content" addon is enabled, which is disabled by default.. | ||||
| CVE-2026-5073 | 2 Armember, Wordpress | 2 Armember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User Signup, Wordpress | 2026-06-03 | 7.5 High |
| The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'arm_directory_paging_action' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of sufficient preparation on the existing SQL query in the `arm_get_directory_members()` function. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-4480 | 2 Redhat, Samba | 4 Enterprise Linux, Openshift, Openshift Container Platform and 1 more | 2026-06-03 | 9 Critical |
| A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system. | ||||