Export limit exceeded: 352181 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 352181 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352181 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2889 | 1 Veom | 1 Service Tracking | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veon Computer Service Tracking Software allows SQL Injection. This issue affects Service Tracking Software: before crm 2.0. | ||||
| CVE-2023-2907 | 1 Marksoft | 1 Marksoft | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605. | ||||
| CVE-2013-2566 | 4 Canonical, Fujitsu, Mozilla and 1 more | 24 Ubuntu Linux, M10-1, M10-1 Firmware and 21 more | 2026-05-22 | 5.9 Medium |
| The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. | ||||
| CVE-2023-2957 | 1 Lisayazilim | 1 Florist Site | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection. This issue affects Florist Site: before 3.0. | ||||
| CVE-2023-2958 | 1 Orjinyazilim | 1 Ats Pro | 2026-05-22 | 9.8 Critical |
| Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass. This issue affects ATS Pro: before 20230714. | ||||
| CVE-2005-1794 | 1 Microsoft | 2 Remote Desktop Connection, Windows Terminal Services Using Rdp | 2026-05-22 | 7.4 High |
| Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks. | ||||
| CVE-2012-0814 | 1 Openbsd | 1 Openssh | 2026-05-22 | 6.5 Medium |
| The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. | ||||
| CVE-2026-3473 | 2026-05-22 | 5.9 Medium | ||
| Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs.. Mattermost Advisory ID: MMSA-2026-00620 | ||||
| CVE-2026-5740 | 2026-05-22 | 7.5 High | ||
| Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users via a crafted binary WebSocket message sent to the public WebSocket endpoint.. Mattermost Advisory ID: MMSA-2026-00647 | ||||
| CVE-2026-7509 | 2026-05-22 | 6.4 Medium | ||
| The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `the-subtitle` shortcode `before` and `after` attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-8679 | 2026-05-22 | 7.5 High | ||
| The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle_playlist_endpoint() function (hooked to template_redirect) accepting a user-controlled playlist ID via the audioigniter_playlist_id query var or the /audioigniter/playlist/{id}/ rewrite rule and returning playlist track data without performing any authentication, capability, or post_status check — only the post_type is validated. This makes it possible for unauthenticated attackers to view track metadata (titles, artists, audio URLs, buy links, download URLs, and cover images) of any playlist on the site, including those in draft, private, pending, or trash status. | ||||
| CVE-2023-2959 | 1 Olivaekspertiz | 1 Oliva Ekspertiz | 2026-05-22 | 7.5 High |
| Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2. | ||||
| CVE-2023-2960 | 1 Olivaekspertiz | 1 Oliva Ekspertiz | 2026-05-22 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliva Expertise Oliva Expertise EKS allows Cross-Site Scripting (XSS). This issue affects Oliva Expertise EKS: before 1.2. | ||||
| CVE-2023-2963 | 1 Olivaekspertiz | 1 Oliva Ekspertiz | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS: before 1.2. | ||||
| CVE-2023-3000 | 1 Erikogluteknoloji | 1 Energy Monitoring | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass. This issue affects ErMon: before 230602. | ||||
| CVE-2023-3045 | 1 Tise | 1 Parking Web Report | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection. This issue affects Parking Web Report: before 2.1. | ||||
| CVE-2023-3046 | 1 Biltay | 1 Scienta | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection. This issue affects Scienta: before 20230630.1953. | ||||
| CVE-2023-3047 | 1 Tmtmakine | 2 Lockcell, Lockcell Firmware | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection. This issue affects Lockcell: before 15. | ||||
| CVE-2023-3048 | 1 Tmtmakine | 2 Lockcell, Lockcell Firmware | 2026-05-22 | 9.8 Critical |
| Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass. This issue affects Lockcell: before 15. | ||||
| CVE-2023-3049 | 1 Tmtmakine | 2 Lockcell, Lockcell Firmware | 2026-05-22 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection. This issue affects Lockcell: before 15. | ||||