Search Results (351904 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0900 | 1 Netdatasoft | 1 Divvy Drive | 2026-05-20 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from unspecified before v.4.6.2.0. | ||||
| CVE-2022-1277 | 1 Inavitas | 1 Solar Log | 2026-05-20 | 9.4 Critical |
| Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. | ||||
| CVE-2022-2177 | 1 Kayrasoft | 1 Kayrasoft | 2026-05-20 | 9.4 Critical |
| Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | ||||
| CVE-2022-2178 | 1 Saysis | 1 Starcities | 2026-05-20 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saysis Computer Starcities allows Cross-Site Scripting (XSS). This issue affects Starcities: before 1.1. | ||||
| CVE-2022-2265 | 1 Identity And Directory Management System Project | 1 Identity And Directory Management System | 2026-05-20 | 7.5 High |
| The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated path traversal vulnerability. This has been fixed in version 2.1.25. | ||||
| CVE-2022-2266 | 1 Yordam | 1 Library Automation System | 2026-05-20 | 6.1 Medium |
| University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in version 19.2. | ||||
| CVE-2022-2315 | 1 Databank | 1 Accreditation Tracking/presentation Module | 2026-05-20 | 9.4 Critical |
| Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | ||||
| CVE-2022-2504 | 1 Sdd-baro Project | 1 Sdd-baro | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SDD Computer Software SDD-Baro allows SQL Injection. This issue affects SDD-Baro: before 2.8.432. | ||||
| CVE-2022-2807 | 1 Algan | 1 Prens Student Information System | 2026-05-20 | 9.8 Critical |
| SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection. This issue affects Prens Student Information System: before 2.1.11. | ||||
| CVE-2022-2808 | 1 Algan | 1 Prens Student Information System | 2026-05-20 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection. This issue affects Prens Student Information System: before 2.1.11. | ||||
| CVE-2022-3693 | 1 Fileorbis | 1 Fileorbis | 2026-05-20 | 7.5 High |
| Path Traversal vulnerability in Deytek Informatics FileOrbis File Management System allows Path Traversal. This issue affects FileOrbis File Management System: from unspecified before 10.6.3. | ||||
| CVE-2022-3760 | 1 Miateknoloji | 1 Mia-med | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med. This issue affects Mia-Med: before 1.0.0.58. | ||||
| CVE-2022-3792 | 1 Gullseye | 1 Gullseye Terminal Operating System | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GullsEye GullsEye terminal operating system allows SQL Injection. This issue affects GullsEye terminal operating system: from unspecified before 5.0.13. | ||||
| CVE-2022-4422 | 1 Bulutses | 1 Bulutdesk Callcenter | 2026-05-20 | 9.8 Critical |
| Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated SQL Injection vulnerability. This has been fixed in version 3.0. | ||||
| CVE-2022-4554 | 1 Idyazilim | 1 B2b Dealer Order System | 2026-05-20 | 5.4 Medium |
| B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in version 1.0.0.347. | ||||
| CVE-2026-6902 | 1 Perforce | 1 Helix Core | 2026-05-20 | N/A |
| A Remote Code Execution vulnerability in P4 (Helix Core) Server's Command-Line Client, prior to the 2025.2 Patch 2, has been fixed to address potential security risks. | ||||
| CVE-2026-20994 | 1 Samsung | 1 Account | 2026-05-20 | N/A |
| URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get an access token. | ||||
| CVE-2026-4878 | 2 Libcap Project, Redhat | 10 Libcap, Discovery, Enterprise Linux and 7 more | 2026-05-20 | 6.7 Medium |
| A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation. | ||||
| CVE-2026-45036 | 2 Eugeny, Tabby | 2 Tabby, Tabby | 2026-05-20 | 7 High |
| Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. The ZModemMiddleware in tabby-terminal consumes all session output through a Zmodem.Sentry, and when a ZMODEM ZRQINIT header is detected, unconditionally calls detection.confirm() and writes a fixed ZRINIT response (`**\x18B0100000023be50\r\n\x11`) back into the active PTY as input. When the process that triggered the detection (e.g., cat) exits, the injected bytes are consumed by the user's shell as a command line. Under fish (default configuration), the `**` prefix triggers recursive glob expansion against the current directory, allowing an attacker-placed executable at a matching nested path (e.g., d/xB0100000023be50) to be executed by relative pathname without relying on PATH. Under bash and zsh, a secondary xterm.js terminal color-query feedback (OSC 10) can be combined in the same file to inject a slash-containing command word that similarly bypasses PATH resolution. An attacker can exploit this by providing a crafted file (e.g., in a cloned Git repository) that a user displays with cat, achieving code execution with no interaction beyond viewing the file. This vulnerability is fixed in 1.0.233. | ||||
| CVE-2026-45038 | 2 Eugeny, Tabby | 2 Tabby, Tabby | 2026-05-20 | 7.8 High |
| Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code execution can be achieved. This vulnerability is fixed in 1.0.233. | ||||