Search Results (351904 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14512 | 2 Gnome, Redhat | 10 Glib, Enterprise Linux, Enterprise Linux Eus and 7 more | 2026-05-20 | 6.5 Medium |
| A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values. | ||||
| CVE-2025-14087 | 2 Gnome, Redhat | 10 Glib, Enterprise Linux, Enterprise Linux Eus and 7 more | 2026-05-20 | 5.6 Medium |
| A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings. | ||||
| CVE-2026-27173 | 1 Apache | 1 Airflow Cncf Kubernetes | 2026-05-20 | 8.7 High |
| JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read-only access to Kubernetes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow them to modify the state of the Airflow Database for tasks. | ||||
| CVE-2026-8610 | 2 Gmo, Wordpress | 2 Typesquare Webfonts For Conoha, Wordpress | 2026-05-20 | 4.3 Medium |
| The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the plugin's site-wide font settings, including the typesquare_auth option (fontThemeUseType), show_post_form, and typesquare_fonttheme, by submitting a POST request to any wp-admin page. For fontThemeUseType values 1 and 3, no nonce verification is performed either, meaning those branches are additionally exploitable via cross-site request forgery. | ||||
| CVE-2026-7467 | 2 Edmonsoft, Wordpress | 2 Read More & Accordion, Wordpress | 2026-05-20 | 8.8 High |
| The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported data. This makes it possible for authenticated attackers, with permission granted by the site owner through the plugin's role settings, to insert arbitrary rows into the 'wp_users' and 'wp_usermeta' tables, including the 'wp_capabilities' field, allowing them to create a new administrator account and gain administrator access to the site. | ||||
| CVE-2023-7103 | 1 Zksoftware | 1 Uface 5 | 2026-05-20 | 9.8 Critical |
| Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass. This issue affects UFace 5: through 12022024. | ||||
| CVE-2026-5586 | 1 Zhongyu09 | 1 Openchatbi | 2026-05-20 | 6.3 Medium |
| A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2023-6676 | 1 Nationalkeep | 1 Cybermath | 2026-05-20 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery. This issue affects CyberMath: from v1.4 before v1.5. | ||||
| CVE-2023-6677 | 1 Oduyo | 1 Online Collection | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2. | ||||
| CVE-2023-6724 | 1 Simgesel | 1 Hearing Tracking System | 2026-05-20 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0. | ||||
| CVE-2023-6919 | 1 Biges | 18 Vg-255-bv, Vg-255-bv Firmware, Vg-255-df and 15 more | 2026-05-20 | 7.5 High |
| Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal. This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C. | ||||
| CVE-2023-7081 | 1 Postahsil | 1 Online Payment System | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSİL Online Payment System allows SQL Injection. This issue affects Online Payment System: before 14.02.2024. | ||||
| CVE-2023-7153 | 1 Macroturk | 1 Macro-bel | 2026-05-20 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Macroturk Software and Internet Technologies Macro-Bel allows Reflected XSS. This issue affects Macro-Bel: before V.1.0.1. | ||||
| CVE-2022-23790 | 1 Firmanet | 1 Technology Customer Relation Manager | 2026-05-20 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS). This issue affects Customer Relation Manager: before 2022.03.13. | ||||
| CVE-2022-23791 | 1 Firmanet | 1 Customer Relation Manager | 2026-05-20 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS). This issue affects Customer Relation Manager: before 2022.03.13. | ||||
| CVE-2022-24036 | 1 Karmasis | 1 Infraskope Siem\+ | 2026-05-20 | 8.6 High |
| Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modify logs. | ||||
| CVE-2022-24038 | 1 Karmasis | 1 Infraskope Siem\+ | 2026-05-20 | 6.5 Medium |
| Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to damage the page where the agents are listed. | ||||
| CVE-2022-24037 | 1 Karmasis | 1 Infraskope Siem\+ | 2026-05-20 | 8.2 High |
| Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to obtain critical information. | ||||
| CVE-2022-0495 | 1 Parantezteknoloji | 1 Koha Library Automation | 2026-05-20 | 9.4 Critical |
| The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01. | ||||
| CVE-2026-7668 | 1 Mikrotik | 1 Routeros | 2026-05-20 | 7.3 High |
| A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated remotely. The exploit is publicly available and might be used. You should upgrade the affected component. The vendor recommends to "use the latest v6.x or 7.x MikroTik RouterOS version, the reported issue should be fixed there." | ||||