Export limit exceeded: 355952 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355952 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0876 | 2026-06-06 | 4.1 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Isin Basi Advertisement Information Technologies Trade Inc. IT's Workif allows Cross-Site Scripting (XSS). This issue affects IT's Workif: through 20251003. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-0877 | 2026-06-06 | 4.7 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AtaksAPP Reservation Management System allows Cross-Site Scripting (XSS). This issue affects Reservation Management System: before 4.2.3. | ||||
| CVE-2025-0878 | 1 Akinsoft | 1 Limondesk | 2026-06-06 | 4.7 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft LimonDesk allows Cross-Site Scripting (XSS). This issue affects LimonDesk: from s1.02.14 before v1.02.17. | ||||
| CVE-2025-0879 | 2026-06-06 | 4.7 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shopside Software Shopside App allows Cross-Site Scripting (XSS). This issue requires high privileges. This issue affects Shopside App: before 17.02.2025. | ||||
| CVE-2025-0984 | 2026-06-06 | 8.2 High | ||
| Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS, File Content Injection. This issue affects E-Flow: before 3.23.00. | ||||
| CVE-2025-0987 | 1 Cb Project | 1 Cvland | 2026-06-06 | 9.9 Critical |
| Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection. This issue affects CVLand: from 2.1.0 through 20251103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1029 | 1 Utarit | 1 Soliclub | 2026-06-06 | 7.5 High |
| Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable. This issue affects SoliClub: from 5.2.4 before 5.3.7. | ||||
| CVE-2025-1030 | 1 Utarit | 1 Soliclub | 2026-06-06 | 7.5 High |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information. This issue affects SoliClub: from 5.2.4 before 5.3.7. | ||||
| CVE-2026-11137 | 1 Google | 1 Chrome | 2026-06-06 | 6.5 Medium |
| Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-50589 | 1 Openstack | 1 Ironic | 2026-06-06 | 5.3 Medium |
| In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash. | ||||
| CVE-2025-1031 | 1 Utarit | 1 Soliclub | 2026-06-06 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse. This issue affects SoliClub: from 5.2.4 before 5.3.7. | ||||
| CVE-2025-1035 | 2026-06-06 | 5.7 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Komtera Technolgies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1. | ||||
| CVE-2025-1161 | 1 Nomysost | 1 Nomysem | 2026-06-06 | 7.1 High |
| Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation. This issue affects Nomysem: through May 2025. | ||||
| CVE-2025-1269 | 2026-06-06 | 4.8 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in HAVELSAN Liman MYS allows Cross-Site Flashing. This issue affects Liman MYS: before 2.1.1 - 1010. | ||||
| CVE-2025-1301 | 1 Yordam | 1 Library Automation System | 2026-06-06 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yordam Informatics Library Automation System allows Reflected XSS. This issue affects Library Automation System: before 21.6. | ||||
| CVE-2025-1395 | 1 Codriapp | 1 Heygarson | 2026-06-06 | 8.2 High |
| Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping. This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing process but did not respond in any way. | ||||
| CVE-2025-1469 | 2026-06-06 | 7.5 High | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers. This issue affects Eyotek: before 11.03.2025. | ||||
| CVE-2025-1496 | 2026-06-06 | 6.5 Medium | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in BG-TEK Coslat Hotspot allows Password Brute Forcing, Authentication Abuse. This issue affects Coslat Hotspot: before 6.26.0.R.20250227. | ||||
| CVE-2025-1740 | 1 Akinsoft | 1 Myrezzta | 2026-06-06 | 9.8 Critical |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force. This issue affects MyRezzta: from s2.03.01 before v2.05.01. | ||||
| CVE-2026-11107 | 1 Google | 1 Chrome | 2026-06-06 | 4.3 Medium |
| Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||