Export limit exceeded: 349886 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349886 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26522 | 1 Avast | 2 Antivurus, Avg Antivirus | 2026-05-12 | 7.8 High |
| The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) due to a double fetch vulnerability at aswArPot+0xc4a3. | ||||
| CVE-2024-33722 | 1 Soplanning | 1 Soplanning | 2026-05-12 | 6.3 Medium |
| SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut[]. | ||||
| CVE-2024-33724 | 1 Soplanning | 1 Soplanning | 2026-05-12 | 5.4 Medium |
| SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the groupe_id parameter to process/groupe_save.php. | ||||
| CVE-2025-61305 | 1 Docuform | 1 Docuform | 2026-05-12 | 6.1 Medium |
| A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61306 | 1 Docuform | 1 Docuform | 2026-05-12 | 6.1 Medium |
| A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61307 | 1 Docuform | 1 Docuform | 2026-05-12 | 6.1 Medium |
| A reflected cross-site scripted (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61308 | 1 Docuform | 1 Docuform | 2026-05-12 | 6.1 Medium |
| A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61309 | 1 Docuform | 1 Docuform | 2026-05-12 | 6.1 Medium |
| A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_departments.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61310 | 1 Docuform | 1 Docuform | 2026-05-12 | 6.1 Medium |
| A reflected cross-site scripted (XSS) vulnerability in the acc-menu_billings.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61311 | 1 Docuform | 1 Docuform | 2026-05-12 | 7.3 High |
| A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_alerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61312 | 1 Docuform | 1 Docuform | 2026-05-12 | 7.3 High |
| A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pricess.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61313 | 1 Docuform | 1 Docuform | 2026-05-12 | 7.3 High |
| A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_markeralerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61314 | 1 Docuform | 1 Docuform | 2026-05-12 | 7.3 High |
| A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_orderopt.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-65415 | 1 Docuform | 1 Docuform | 2026-05-12 | 5.4 Medium |
| docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the login page of the application. | ||||
| CVE-2025-65416 | 1 Docuform | 1 Docuform | 2026-05-12 | 6.3 Medium |
| docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php. | ||||
| CVE-2025-65417 | 1 Docuform | 1 Docuform | 2026-05-12 | 6.1 Medium |
| docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross site scripting attack via the login page of the application. | ||||
| CVE-2025-65418 | 1 Docuform | 1 Docuform | 2026-05-12 | N/A |
| docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url. | ||||
| CVE-2026-31246 | 1 Pythagora-io | 1 Gpt-pilot | 2026-05-12 | N/A |
| GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper validation. The user-supplied input is directly passed to asyncio.create_subprocess_shell() for execution. This allows an attacker to replace the intended command with arbitrary shell commands, leading to remote code execution with the privileges of the GPT-Pilot process. | ||||
| CVE-2026-31247 | 1 Docling-project | 1 Docling | 2026-05-12 | N/A |
| Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload (XML Bomb). When processed by Docling, the exponential expansion of entities leads to excessive resource consumption, resulting in a denial of service (DoS) condition on the system running the Docling parser. | ||||
| CVE-2026-31248 | 1 Docling-project | 1 Docling | 2026-05-12 | N/A |
| Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring() without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions (XML Bomb) and package it into a .tar.gz archive. When processed by Docling, the exponential expansion of entities during XML parsing leads to excessive resource consumption, resulting in a denial of service (DoS) condition on the system running the Docling parser. | ||||