Export limit exceeded: 351904 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351904 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351904 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351904 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6517 | 1 Miateknoloji | 1 Mia-med | 2026-05-20 | 7.5 High |
| Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users. This issue affects MİA-MED: before 1.0.7. | ||||
| CVE-2023-6518 | 1 Miateknoloji | 1 Mia-med | 2026-05-20 | 7.5 High |
| Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7. | ||||
| CVE-2023-6519 | 1 Miateknoloji | 1 Mia-med | 2026-05-20 | 7.5 High |
| Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7. | ||||
| CVE-2023-6522 | 1 Extremepacs | 1 Extreme Xds | 2026-05-20 | 7.2 High |
| Incorrect Use of Privileged APIs vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3914. | ||||
| CVE-2023-6523 | 1 Extremepacs | 1 Extreme Xds | 2026-05-20 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows Authentication Abuse. This issue affects Extreme XDS: before 3914. | ||||
| CVE-2023-6672 | 1 Nationalkeep | 1 Cybermath | 2026-05-20 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Stored XSS. This issue affects CyberMath: from v1.4 before v1.5. | ||||
| CVE-2023-6673 | 1 Nationalkeep | 1 Cybermath | 2026-05-20 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS. This issue affects CyberMath: from v.1.4 before v.1.5. | ||||
| CVE-2023-6675 | 1 Nationalkeep | 1 Cybermath | 2026-05-20 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server. This issue affects CyberMath: from v.1.4 before v.1.5. | ||||
| CVE-2026-36829 | 1 Panabit | 1 Pap-xm320 | 2026-05-20 | 9.8 Critical |
| An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and bypass of authentication. | ||||
| CVE-2025-61081 | 1 Byd | 1 Atto3 | 2026-05-20 | 7.5 High |
| In BYD Atto3, an attacker can obtain an authentication key through Brute Force attack, which is permanently available. The authentication key enables flash to the Electronic Parking Break (EPB) and Supplemental Restoration System (SRS) related ECUs. | ||||
| CVE-2025-51427 | 1 Modelscope | 1 Modelscope | 2026-05-20 | 7.3 High |
| An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module']. | ||||
| CVE-2025-70950 | 1 Itang | 1 Gohttp | 2026-05-20 | 7.3 High |
| An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request. | ||||
| CVE-2026-36827 | 1 Panabit | 1 Pap-xm320 | 2026-05-20 | 5.4 Medium |
| A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows command injection when attacker-controlled input is included in the arguments. As a result, an authenticated remote attacker with access to the management interface may execute arbitrary shell commands. | ||||
| CVE-2026-36828 | 1 Panabit | 1 Pap-xm320 | 2026-05-20 | 8.8 High |
| A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter. | ||||
| CVE-2026-44408 | 1 Zte | 1 Mu5250 | 2026-05-20 | 6.3 Medium |
| There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface. | ||||
| CVE-2026-8727 | 1 Typo3 | 1 Extension "site Crawler" | 2026-05-20 | N/A |
| The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize(). An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative privileges to configure a crawler-enabled page and trigger the crawl via a Scheduler task. | ||||
| CVE-2026-46721 | 1 Typo3 | 1 Extension "frontend User Registration" | 2026-05-20 | N/A |
| The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to content and functionality restricted to privileged frontend user groups. | ||||
| CVE-2026-8726 | 1 Typo3 | 1 Extension "news System" | 2026-05-20 | N/A |
| The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin to be in use and the TypoScript/Plugin setting disableOverrideDemand not to be enabled. | ||||
| CVE-2026-46722 | 1 Typo3 | 1 Extension "faceted Search" | 2026-05-20 | N/A |
| The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index. | ||||
| CVE-2026-46723 | 1 Typo3 | 1 Extension "faceted Search" | 2026-05-20 | N/A |
| The additional_tables configuration of the page and tt_content indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index. | ||||