Search

Expected end of text, found ':' (at char 6), (line:1, col:7)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (354962 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2024-8262 1 Prolizyazilim 1 Student Affairs Information System 2026-06-02 9.8 Critical
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Proliz Software OBS allows Path Traversal. This issue affects OBS: before 24.0927.
CVE-2025-13593 1 Synology 1 Activeprotect Agent 2026-06-02 6.1 Medium
Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.
CVE-2024-8429 2026-06-02 4.3 Medium
Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials. This issue affects WiFiBurada: before 1.0.5.
CVE-2024-8475 2026-06-02 6.5 Medium
Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables. This issue affects WiFiBurada: before 1.0.5.
CVE-2024-8607 1 Oceanicsoft 1 Valeapp 2026-06-02 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection. This issue affects ValeApp: before v2.0.0.
CVE-2024-8608 1 Oceanicsoft 1 Valeapp 2026-06-02 5.4 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oceanic Software ValeApp allows Stored XSS. This issue affects ValeApp: before v2.0.0.
CVE-2024-8609 1 Oceanicsoft 1 Valeapp 2026-06-02 7.5 High
Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information. This issue affects ValeApp: before v2.0.0.
CVE-2024-8643 1 Oceanicsoft 1 Valeapp 2026-06-02 9.8 Critical
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking. This issue affects ValeApp: before v2.0.0.
CVE-2024-8644 1 Oceanicsoft 1 Valeapp 2026-06-02 7.5 High
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: before v2.0.0.
CVE-2024-8781 1 Tr7cyberdefense 1 Asp 2026-06-02 N/A
Execution with Unnecessary Privileges, : Improper Protection of Alternate Path vulnerability in TR7 Application Security Platform (ASP) allows Privilege Escalation, -Privilege Abuse. This issue affects Application Security Platform (ASP): v1.4.25.188.
CVE-2024-8950 2026-06-02 9.9 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection. This issue affects Piramit Automation: before 27.09.2024.
CVE-2024-8972 2026-06-02 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection. This issue affects Saha365 App: before 30.09.2024.
CVE-2024-8997 1 Vestel 1 Evc04 Configuration Interface 2026-06-02 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection. This issue affects EVC04 Configuration Interface: before V3.187, V4.53.
CVE-2024-9142 1 Olgu Computer Systems 1 E-belediye 2026-06-02 9.8 Critical
External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls. This issue affects e-Belediye: before 2.0.642.
CVE-2024-9147 2 Bna, Bnabilisim 2 Pospratik, Pospratik 2026-06-02 6.1 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings. This issue affects PosPratik: before v3.2.1.
CVE-2024-9286 1 Trtek Software 1 Distant Education Platform 2026-06-02 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection. This issue affects Distant Education Platform: before 3.2024.11.
CVE-2024-9149 2026-06-02 8.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection. This issue affects E-Commerce Website Template: before v1.5.
CVE-2024-9334 2026-06-02 8.2 High
Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass. This issue affects Pallium Vehicle Tracking: before 17.10.2024.
CVE-2024-9477 1 Airties 2 Air4443, Air4443 Firmware 2026-06-02 6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS). This issue affects Air4443 Firmware: through 14102024. NOTE: The vendor was contacted and it was learned that the product classified as End-of-Life and End-of-Support.
CVE-2024-9819 2026-06-02 6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse. This issue affects NG Analyser: before 2.2.711.