Export limit exceeded: 351369 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351369 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-45476 | 1 Yordam | 1 Library Automation System | 2026-05-18 | 4.7 Medium |
| Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability. | ||||
| CVE-2025-23368 | 1 Redhat | 10 Build Keycloak, Data Grid, Integration and 7 more | 2026-05-18 | 8.1 High |
| A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. | ||||
| CVE-2021-45475 | 1 Yordam | 1 Library Automation System | 2026-05-18 | 5.3 Medium |
| Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability. | ||||
| CVE-2021-4105 | 1 Bg-tek | 16 Coslat Bx5s1d3, Coslat Bx5s1d3 Firmware, Coslat Bx5s1d4 and 13 more | 2026-05-18 | 9.8 Critical |
| Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion. This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727. | ||||
| CVE-2021-45031 | 1 Mepsan | 1 Stawiz Usc\+\+ | 2026-05-18 | 7.7 High |
| A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords. | ||||
| CVE-2021-44793 | 1 Krontech | 1 Single Connect | 2026-05-18 | 8.6 High |
| Single Connect does not perform an authorization check when using the sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the database credentials. Since the database runs with high privileges it is possible to execute commands with the attained credentials. | ||||
| CVE-2019-11840 | 3 Debian, Golang, Redhat | 3 Debian Linux, Crypto, Openshift | 2026-05-18 | 5.9 Medium |
| An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications. | ||||
| CVE-2021-44794 | 1 Krontech | 1 Single Connect | 2026-05-18 | 5.3 Medium |
| Single Connect does not perform an authorization check when using the "sc-diagnostic-ui" module. A remote attacker could exploit this vulnerability to access the device information page. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information. | ||||
| CVE-2021-44795 | 1 Krontech | 1 Single Connect | 2026-05-18 | 5.3 Medium |
| Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui" module. A remote attacker could exploit this vulnerability to modify users permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other users without authenticating. | ||||
| CVE-2021-44792 | 1 Krontech | 1 Single Connect | 2026-05-18 | 5.3 Medium |
| Single Connect does not perform an authorization check when using the "log-monitor" module. A remote attacker could exploit this vulnerability to access the logging interface. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information. | ||||
| CVE-2026-41119 | 2026-05-18 | 6.8 Medium | ||
| Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to loss of confidentiality and integrity. | ||||
| CVE-2021-44197 | 1 Ubit | 1 Student Information Management System | 2026-05-18 | 6.1 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System. This issue affects Student Information Management System: before 20211126. | ||||
| CVE-2021-44196 | 1 Ubit | 1 Student Information Management System | 2026-05-18 | 6.1 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System. This issue affects Student Information Management System: before 20211126. | ||||
| CVE-2021-3855 | 1 Liman | 1 Port Mys | 2026-05-18 | 8.8 High |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection. This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462. | ||||
| CVE-2021-3854 | 1 Glox | 1 Useroam Hotspot | 2026-05-18 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15. | ||||
| CVE-2026-28732 | 1 Mattermost | 1 Mattermost | 2026-05-18 | 4.3 Medium |
| Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash commands via editing their own slash command trigger to an already-registered trigger through the command update API. Mattermost Advisory ID: MMSA-2026-00597 | ||||
| CVE-2026-8803 | 1 Opensourcepos | 1 Open Source Point Of Sale | 2026-05-18 | 3.7 Low |
| A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is considered difficult. The actual existence of this vulnerability is currently in question. The vendor explains: "[T]he code is still there to allow the upgrade path to work. The default password is initially seeded with the old hash function, but then migrated to a newer one after login. [T]he hash version check might be cleaned up in the future. Currently it's not actively in use as any password change will use a newer hash function." | ||||
| CVE-2026-4320 | 2026-05-18 | N/A | ||
| Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login process, causing the script to continue running and enabling privilege escalation without the need for credentials. | ||||
| CVE-2018-25319 | 1 Wende60 | 1 Redaxo Cms Addon Myevents | 2026-05-18 | 7.1 High |
| Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Attackers can send GET requests to the event_add.php page with malicious myevents_id values to extract or modify sensitive database information. | ||||
| CVE-2024-48519 | 1 Ardupilot | 1 Ardupilot | 2026-05-18 | 6.2 Medium |
| Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the AP_InertialSensor_ADIS1647x.cpp, ArduRover, ADIS1647x Sensor component. | ||||