Export limit exceeded: 352194 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352194 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2907 | 1 Marksoft | 1 Marksoft | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605. | ||||
| CVE-2013-2566 | 4 Canonical, Fujitsu, Mozilla and 1 more | 24 Ubuntu Linux, M10-1, M10-1 Firmware and 21 more | 2026-05-22 | 5.9 Medium |
| The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. | ||||
| CVE-2023-2957 | 1 Lisayazilim | 1 Florist Site | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection. This issue affects Florist Site: before 3.0. | ||||
| CVE-2023-2958 | 1 Orjinyazilim | 1 Ats Pro | 2026-05-22 | 9.8 Critical |
| Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass. This issue affects ATS Pro: before 20230714. | ||||
| CVE-2005-1794 | 1 Microsoft | 2 Remote Desktop Connection, Windows Terminal Services Using Rdp | 2026-05-22 | 7.4 High |
| Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks. | ||||
| CVE-2012-0814 | 1 Openbsd | 1 Openssh | 2026-05-22 | 6.5 Medium |
| The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. | ||||
| CVE-2026-5072 | 1 Zephyrproject-rtos | 1 Zephyr | 2026-05-22 | N/A |
| A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to set an unvalidated negative log_announce_interval value in the port's data set. When a subsequent PTP_MSG_ANNOUNCE message is processed, port_timer_set_timeout_random computes a timeout as NSEC_PER_SEC >> -log_seconds; if the attacker-supplied value is sufficiently negative (e.g., -127), the shift amount exceeds the 64-bit integer width, triggering undefined behavior in C. This can cause a system crash via a compiler-generated illegal instruction trap on some architectures, or produce an erroneous zero timeout leading to resource starvation loops or other logical errors. | ||||
| CVE-2023-2959 | 1 Olivaekspertiz | 1 Oliva Ekspertiz | 2026-05-22 | 7.5 High |
| Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2. | ||||
| CVE-2023-2960 | 1 Olivaekspertiz | 1 Oliva Ekspertiz | 2026-05-22 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliva Expertise Oliva Expertise EKS allows Cross-Site Scripting (XSS). This issue affects Oliva Expertise EKS: before 1.2. | ||||
| CVE-2023-2963 | 1 Olivaekspertiz | 1 Oliva Ekspertiz | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS: before 1.2. | ||||
| CVE-2023-3000 | 1 Erikogluteknoloji | 1 Energy Monitoring | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass. This issue affects ErMon: before 230602. | ||||
| CVE-2023-3045 | 1 Tise | 1 Parking Web Report | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection. This issue affects Parking Web Report: before 2.1. | ||||
| CVE-2023-3046 | 1 Biltay | 1 Scienta | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection. This issue affects Scienta: before 20230630.1953. | ||||
| CVE-2023-3047 | 1 Tmtmakine | 2 Lockcell, Lockcell Firmware | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection. This issue affects Lockcell: before 15. | ||||
| CVE-2023-3048 | 1 Tmtmakine | 2 Lockcell, Lockcell Firmware | 2026-05-22 | 9.8 Critical |
| Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass. This issue affects Lockcell: before 15. | ||||
| CVE-2023-3049 | 1 Tmtmakine | 2 Lockcell, Lockcell Firmware | 2026-05-22 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection. This issue affects Lockcell: before 15. | ||||
| CVE-2023-3050 | 1 Tmtmakine | 2 Lockcell, Lockcell Firmware | 2026-05-22 | 9.8 Critical |
| Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass. This issue affects Lockcell: before 15. | ||||
| CVE-2023-35069 | 1 Biges | 1 Bullwark Momentum Series | 2026-05-22 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bullwark allows Path Traversal. This issue affects Bullwark: before BLW-2016E-960H. | ||||
| CVE-2023-35068 | 1 Bma | 1 Personnel Tracking System | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection. This issue affects Personnel Tracking System: before 20230904. | ||||
| CVE-2023-35067 | 1 Infodrom | 1 E-invoice Approval System | 2026-05-22 | 7.5 High |
| Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable. This issue affects E-Invoice Approval System: before v.20230701. | ||||