Export limit exceeded: 84517 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (84517 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25399 | 1 Open Ises | 1 Open Ises Project | 2026-06-02 | 8.2 High |
| The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick_lat and tick_lng parameters. Attackers can send GET requests to nearby.php with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details. | ||||
| CVE-2018-25392 | 2 Maxonerp, Talagasoft | 2 Maxon, Maxon Erp | 2026-06-02 | 7.1 High |
| MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log_activity function. Attackers can send POST requests to /index.php/user/log_activity with malicious SQL code in these parameters to extract sensitive database information including version and database names. | ||||
| CVE-2018-25382 | 2 Bylancer, Zechat Project | 2 Zechat, Zechat | 2026-06-02 | 8.2 High |
| Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column names, and sensitive data from the information_schema database. | ||||
| CVE-2026-46510 | 1 Kaspernj | 1 Form-data-objectizer | 2026-06-02 | 8.2 High |
| form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys (e.g. name[sub]) into nested objects without filtering __proto__, constructor, or prototype. A single HTTP form field whose name starts with __proto__[...] causes the library to mutate Object.prototype, which is a prototype pollution primitive of the entire Node.js process. This vulnerability is fixed in 1.0.1. | ||||
| CVE-2026-28764 | 1 Mediaarea | 2 Mediainfo, Mediainfolib | 2026-06-02 | 7.8 High |
| MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability | ||||
| CVE-2026-24425 | 2 Symfony, Twigphp | 2 Twig, Twig | 2026-06-02 | 8.8 High |
| Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that fails to use the current template source to bypass sandbox restrictions and execute arbitrary code when the sandbox is enabled through a source policy rather than globally. | ||||
| CVE-2026-42184 | 1 Tauri | 1 Tauri | 2026-06-02 | 8.8 High |
| Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to http://<scheme>.localhost/ because those platforms' WebView implementations cannot serve custom URI schemes directly. The issue is that Tauri's check to see if the origin is local, only checks the first subdomain of the URL. An attacker can abuse this by hosting a page on a domain whose subdomain matches the custom scheme of the application. This vulnerability is fixed in 2.10.3. | ||||
| CVE-2026-37579 | 1 Smsgate | 1 Sms-core | 2026-06-02 | 7.3 High |
| An issue in SMSGate sms-core<=2.1.13.6 allows a remote attacker to execute arbitrary code via the Cmpp7FDeliverRequestMessageCodec.java component | ||||
| CVE-2026-28955 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-06-02 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-28953 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-06-02 | 7.5 High |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-43658 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-06-02 | 7.5 High |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. | ||||
| CVE-2026-28947 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-06-02 | 8.8 High |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. | ||||
| CVE-2026-28907 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-06-02 | 8.1 High |
| The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | ||||
| CVE-2026-43660 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-06-02 | 7.5 High |
| A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | ||||
| CVE-2026-28904 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-06-02 | 7.5 High |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-28905 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-06-02 | 7.5 High |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-28883 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-06-02 | 7.5 High |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-28847 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-06-02 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-48615 | 1 Google | 1 Android | 2026-06-01 | 7.8 High |
| In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48612 | 1 Google | 1 Android | 2026-06-01 | 7.8 High |
| In setDefaultKey of DefaultPaymentSettings.java, there is a possible way for an application to set the main user's default NFC payment setting due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||