Export limit exceeded: 83652 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (83652 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9851 | 2 Masaakitanaka, Wordpress | 2 Booking Package, Wordpress | 2026-06-06 | 7.2 High |
| The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the package_app_action AJAX endpoint, where the handler only validates a nonce and the dispatcher invokes Schedule::updateUser() with the $administrator argument hard-coded to 1, bypassing the only owner-restriction check inside that function and allowing the target user to be determined solely by attacker-supplied input passed directly to wp_update_user(). This makes it possible for authenticated attackers, with Editor-level access and above, to change the email address and password of any account, including Administrator accounts, resulting in a full site takeover. | ||||
| CVE-2026-1618 | 2 Uni-yaz, Universal Software Inc. | 2 Flexcity, Flexcity/kiosk | 2026-06-06 | 8.8 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. | ||||
| CVE-2026-1619 | 2 Uni-yaz, Universal Software Inc. | 2 Flexcity, Flexcity/kiosk | 2026-06-06 | 8.3 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. | ||||
| CVE-2026-1819 | 1 Karel | 1 Viport | 2026-06-06 | 8.8 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Karel Electronics Industry and Trade Inc. ViPort allows Stored XSS. This issue affects ViPort: through 23012026. | ||||
| CVE-2026-2339 | 1 Tubitak Bilgem Software Technologies Research Institute | 1 Liderahenk | 2026-06-06 | 7.5 High |
| Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection. This issue affects Liderahenk: before 3.5.1. | ||||
| CVE-2026-3120 | 1 Profelis | 1 Sambabox | 2026-06-06 | 7.2 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3. | ||||
| CVE-2026-5140 | 1 Tubitak Bilgem Software Technologies Research Institute | 1 Pardus | 2026-06-06 | 8.8 High |
| Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass. This issue affects Pardus Update: from 0.6.3 before 0.6.4. | ||||
| CVE-2026-5141 | 1 Tubitak Bilgem Software Technologies Research Institute | 1 Pardus Software Center | 2026-06-06 | 8.8 High |
| Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. This issue affects Pardus Software Center: from 1.0.2 before 1.0.3. | ||||
| CVE-2026-5161 | 1 Tubitak Bilgem Software Technologies Research Institute | 1 Pardus About | 2026-06-06 | 8.8 High |
| Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before 1.2.2. | ||||
| CVE-2026-6849 | 1 Tubitak Bilgem Software Technologies Research Institute | 1 Pardus Os My Computer | 2026-06-06 | 8.8 High |
| Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: from <=0.7.5 before 0.8.0. | ||||
| CVE-2026-7399 | 1 Meware Software Development | 1 Pdks | 2026-06-06 | 8.1 High |
| Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117. | ||||
| CVE-2026-7402 | 1 Meware Software Development | 1 Pdks | 2026-06-06 | 8.1 High |
| Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117. | ||||
| CVE-2025-0610 | 1 Akinsoft | 1 Qr Menu | 2026-06-06 | 8.6 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery. This issue affects QR Menü: from s1.05.06 before v1.05.12. | ||||
| CVE-2025-0616 | 1 Teknolojik Center | 1 Netsis Panel | 2026-06-06 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Teknolojik Center Telecommunication Industry Trade Co. Ltd. B2B - Netsis Panel allows SQL Injection. This issue affects B2B - Netsis Panel: through 20251003. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-0643 | 1 Narkom | 1 Pyxis Signage | 2026-06-06 | 7.2 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows Stored XSS. This issue affects Pyxis Signage: through 31012025. | ||||
| CVE-2025-0645 | 1 Narkom | 1 Pyxis Signage | 2026-06-06 | 7.2 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Pyxis Signage: through 31012025. | ||||
| CVE-2025-0984 | 2026-06-06 | 8.2 High | ||
| Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS, File Content Injection. This issue affects E-Flow: before 3.23.00. | ||||
| CVE-2025-1029 | 1 Utarit | 1 Soliclub | 2026-06-06 | 7.5 High |
| Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable. This issue affects SoliClub: from 5.2.4 before 5.3.7. | ||||
| CVE-2025-1030 | 1 Utarit | 1 Soliclub | 2026-06-06 | 7.5 High |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information. This issue affects SoliClub: from 5.2.4 before 5.3.7. | ||||
| CVE-2025-1031 | 1 Utarit | 1 Soliclub | 2026-06-06 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse. This issue affects SoliClub: from 5.2.4 before 5.3.7. | ||||