Export limit exceeded: 356024 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (356024 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5319 | 1 Emit | 1 Efficiency Management System | 2026-06-05 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Emit Informatics and Communication Technologies Industry and Trade Ltd. Co. DIGITA Efficiency Management System allows SQL Injection. This issue affects DIGITA Efficiency Management System: through 03022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5329 | 1 Martcode | 1 Delta Course Automation | 2026-06-05 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martcode Software Inc. Delta Course Automation allows SQL Injection. This issue affects Delta Course Automation: through 04022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5518 | 1 Argustech | 1 Bilger | 2026-06-05 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability with user privileges in ArgusTech BILGER allows Exploitation of Trusted Identifiers. This issue affects BILGER: before 2.4.6. | ||||
| CVE-2025-5519 | 1 Argustech | 1 Bilger | 2026-06-05 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in ArgusTech BILGER allows Choosing Message Identifier. This issue affects BILGER: before 2.4.6. | ||||
| CVE-2025-5681 | 2026-06-05 | 6.5 Medium | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers. This issue affects Eyotek: before 23.06.2025. | ||||
| CVE-2025-5997 | 1 Beamsec | 1 Phishpro | 2026-06-05 | 8.8 High |
| Incorrect Use of Privileged APIs vulnerability in Beamsec PhishPro allows Privilege Abuse. This issue affects PhishPro: before 7.5.4.2. | ||||
| CVE-2025-6060 | 1 Decesoftware | 1 Geodi | 2026-06-05 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DECE Software Geodi allows Cross-Site Scripting (XSS). This issue affects Geodi: before GEODI Setup 9.0.146. | ||||
| CVE-2025-6175 | 1 Decesoftware | 1 Geodi | 2026-06-05 | 7.2 High |
| Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before GEODI Setup 9.0.146. | ||||
| CVE-2025-6396 | 1 Webbeyaz Website Design | 1 Website Software | 2026-06-05 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webbeyaz Website Design Website Software allows Cross-Site Scripting (XSS). This issue affects Website Software: through 2025.07.14. | ||||
| CVE-2025-6397 | 1 Ankara Hosting Website Design | 1 Website Software | 2026-06-05 | 8.6 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS. This issue affects Website Software: through 03022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-22750 | 1 Vmware | 1 Spring Cloud Gateway | 2026-06-05 | 7.5 High |
| When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0 available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to 5.0.2 or 5.1.1 which are the current supported open source releases. | ||||
| CVE-2025-6520 | 1 Abis Technology | 1 Bapsis | 2026-06-05 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Abis Technology BAPSIS allows Blind SQL Injection. This issue affects BAPSIS: before 202510271606. | ||||
| CVE-2025-6575 | 1 Dolusoft | 1 Omaspot | 2026-06-05 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dolusoft Omaspot allows Reflected XSS. This issue affects Omaspot: before 12.09.2025. | ||||
| CVE-2025-6830 | 1 Xpoda Turkiye Information Technology | 1 Xpoda Studio | 2026-06-05 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpoda Türkiye Information Technology Inc. Password Module allows SQL Injection. This issue affects Password Module: through 11022026. | ||||
| CVE-2025-6918 | 1 Ncvav | 1 Virtual Pbx Software | 2026-06-05 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncvav Virtual PBX Software allows SQL Injection. This issue affects Virtual PBX Software: before 09.07.2025. | ||||
| CVE-2025-6919 | 2026-06-05 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection. This issue affects Aykome License Tracking System: before Version dated 06.10.2025. | ||||
| CVE-2025-6923 | 1 Talentsoft | 1 Unis | 2026-06-05 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS. This issue affects UNIS: before 42957. | ||||
| CVE-2026-48095 | 2026-06-05 | 8.8 High | ||
| 7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer (GetCuSize shift UB), potentially allowing attackers to cause arbitrary code execution or application crashes. CInStream::GetCuSize() in the NTFS handler computes the compression-unit buffer size as (UInt32)1 << (BlockSizeLog + CompressionUnit), and a crafted image with ClusterSizeLog >= 28 and CompressionUnit == 4 drives the exponent to 32, which is undefined behavior and collapses on x86/x64 so _inBuf is allocated as 1 byte. ReadStream_FALSE then writes up to 256 MB of attacker-controlled data into that 1-byte buffer in 64 KB iterations, and because the CInStream object sits only 304 bytes after _inBuf, its vtable pointer is overwritten and the next dispatched call achieves a vtable hijack. On 32-bit builds the overflow is unconditionally reached; on 64-bit it requires the parallel 8 GB _outBuf allocation to succeed, otherwise failing closed to denial of service. The NTFS handler is enabled by default in stock 7z.dll and, via signature-based fallback matching "NTFS " at offset 3, will open a crafted image regardless of file extension during extraction or testing. Version 26.01 fixes the issue. | ||||
| CVE-2025-6924 | 1 Talentsoftware | 1 Bap Automation | 2026-06-05 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software e-BAP Automation allows Reflected XSS. This issue affects e-BAP Automation: before 42957. | ||||
| CVE-2025-6967 | 1 Sarman Soft Software And Technology Services Industry And Trade Ltd. Co. | 1 Cms | 2026-06-05 | 8.7 High |
| Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass. This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||