Search Results (352044 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4670 | 1 Innosa Probbys Project | 1 Innosa Probbys | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection. This issue affects Probbys: before 2. | ||||
| CVE-2023-4671 | 1 Talentyazilim | 1 Ecop | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection. This issue affects ECOP: before 32255. | ||||
| CVE-2023-4672 | 1 Talentyazilim | 1 Ecop | 2026-05-21 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software ECOP allows Reflected XSS. This issue affects ECOP: before 32255. | ||||
| CVE-2026-39047 | 1 Epson | 1 L14150 | 2026-05-21 | 7.5 High |
| Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100 | ||||
| CVE-2026-44926 | 1 Veritas | 1 Infoscale | 2026-05-21 | 8.8 High |
| InfoScale CmdServer before 7.4.2 mishandles access control. | ||||
| CVE-2026-30691 | 1 Cyntler | 1 React-doc-viewer | 2026-05-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode | ||||
| CVE-2023-4673 | 1 Sanalogi | 1 Turasistan | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection. This issue affects Turasistan: before 20230911. | ||||
| CVE-2026-41054 | 2 Novell, Suse | 21 Suse Linux Enterprise For Sap Applications, Container Suse/sle-micro, Container Suse/sle-micro-rancher and 18 more | 2026-05-21 | 7.8 High |
| In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`. | ||||
| CVE-2026-9064 | 1 Redhat | 3 Directory Server, Enterprise Linux, Redhat Directory Server | 2026-05-21 | 7.5 High |
| A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls within the default maximum BER message size (2 MB), causing excessive CPU consumption and heap allocation on the server. Under concurrent exploitation, this leads to significant latency degradation, worker thread starvation, or out-of-memory termination, resulting in a denial of service. | ||||
| CVE-2026-22314 | 1 Mesalvo | 2 Meona Client Launcher Component, Meona Server Component | 2026-05-21 | 9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020. | ||||
| CVE-2026-0856 | 1 Mesalvo | 2 Meona Client Launcher Component, Meona Server Component | 2026-05-21 | 7.8 High |
| Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020. | ||||
| CVE-2026-22315 | 1 Mesalvo | 2 Meona Client Launcher Component, Meona Server Component | 2026-05-21 | 7.2 High |
| Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020. | ||||
| CVE-2026-0857 | 1 Mesalvo | 2 Meona Client Launcher Component, Meona Server Component | 2026-05-21 | 6 Medium |
| Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020. | ||||
| CVE-2026-25602 | 1 Mesalvo | 2 Meona Client Launcher Component, Meona Server Component | 2026-05-21 | 4.4 Medium |
| Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020. | ||||
| CVE-2025-11954 | 1 Sitemio | 1 Wisecp | 2026-05-21 | 8 High |
| Cross-Site request forgery (CSRF) vulnerability in Sitemio Information Technologies Trade Ltd. Co. WISECP allows Cross Site Request Forgery. This issue affects WISECP: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-24425 | 1 Twigphp | 1 Twig | 2026-05-21 | 8.8 High |
| Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that fails to use the current template source to bypass sandbox restrictions and execute arbitrary code when the sandbox is enabled through a source policy rather than globally. | ||||
| CVE-2023-7346 | 1 Ledger | 1 Ledger Bitcoin App | 2026-05-21 | 4 Medium |
| Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies that cause the device to derive and display incorrect receiving addresses, potentially leading to funds being sent to unintended addresses. | ||||
| CVE-2026-5783 | 1 Beyaz Computer Software Design Industry And Trade Ltd. Co. | 1 Cityplus | 2026-05-21 | 7.6 High |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Beyaz Computer Software Design Industry and Trade Ltd. Co. CityPLus allows Reflected XSS. This issue affects CityPLus: before V24.29750.1.0. | ||||
| CVE-2025-32750 | 1 Dell | 3 Powerflex Manager, Powerflex Manager Appliance, Powerflex Manager Rack | 2026-05-21 | 7.5 High |
| Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2026-4293 | 1 Kieback&peter | 8 Ddc4002 Firmware, Ddc4020e Firmware, Ddc4040e Firmware and 5 more | 2026-05-21 | 5.3 Medium |
| The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser. | ||||