Export limit exceeded: 351901 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351901 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7467 | 2 Edmonsoft, Wordpress | 2 Read More & Accordion, Wordpress | 2026-05-20 | 8.8 High |
| The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported data. This makes it possible for authenticated attackers, with permission granted by the site owner through the plugin's role settings, to insert arbitrary rows into the 'wp_users' and 'wp_usermeta' tables, including the 'wp_capabilities' field, allowing them to create a new administrator account and gain administrator access to the site. | ||||
| CVE-2023-7103 | 1 Zksoftware | 1 Uface 5 | 2026-05-20 | 9.8 Critical |
| Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass. This issue affects UFace 5: through 12022024. | ||||
| CVE-2026-5586 | 1 Zhongyu09 | 1 Openchatbi | 2026-05-20 | 6.3 Medium |
| A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2023-6676 | 1 Nationalkeep | 1 Cybermath | 2026-05-20 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery. This issue affects CyberMath: from v1.4 before v1.5. | ||||
| CVE-2023-6677 | 1 Oduyo | 1 Online Collection | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2. | ||||
| CVE-2023-6724 | 1 Simgesel | 1 Hearing Tracking System | 2026-05-20 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0. | ||||
| CVE-2023-6919 | 1 Biges | 18 Vg-255-bv, Vg-255-bv Firmware, Vg-255-df and 15 more | 2026-05-20 | 7.5 High |
| Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal. This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C. | ||||
| CVE-2023-7081 | 1 Postahsil | 1 Online Payment System | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSİL Online Payment System allows SQL Injection. This issue affects Online Payment System: before 14.02.2024. | ||||
| CVE-2023-7153 | 1 Macroturk | 1 Macro-bel | 2026-05-20 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Macroturk Software and Internet Technologies Macro-Bel allows Reflected XSS. This issue affects Macro-Bel: before V.1.0.1. | ||||
| CVE-2022-23790 | 1 Firmanet | 1 Technology Customer Relation Manager | 2026-05-20 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS). This issue affects Customer Relation Manager: before 2022.03.13. | ||||
| CVE-2022-23791 | 1 Firmanet | 1 Customer Relation Manager | 2026-05-20 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS). This issue affects Customer Relation Manager: before 2022.03.13. | ||||
| CVE-2022-24036 | 1 Karmasis | 1 Infraskope Siem\+ | 2026-05-20 | 8.6 High |
| Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs. | ||||
| CVE-2022-24038 | 1 Karmasis | 1 Infraskope Siem\+ | 2026-05-20 | 6.5 Medium |
| Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to damage the page where the agents are listed. | ||||
| CVE-2022-24037 | 1 Karmasis | 1 Infraskope Siem\+ | 2026-05-20 | 8.2 High |
| Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to obtain critical information. | ||||
| CVE-2022-0495 | 1 Parantezteknoloji | 1 Koha Library Automation | 2026-05-20 | 9.4 Critical |
| The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01. | ||||
| CVE-2026-7668 | 1 Mikrotik | 1 Routeros | 2026-05-20 | 7.3 High |
| A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated remotely. The exploit is publicly available and might be used. You should upgrade the affected component. The vendor recommends to "use the latest v6.x or 7.x MikroTik RouterOS version, the reported issue should be fixed there." | ||||
| CVE-2022-0900 | 1 Netdatasoft | 1 Divvy Drive | 2026-05-20 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from unspecified before v.4.6.2.0. | ||||
| CVE-2022-1277 | 1 Inavitas | 1 Solar Log | 2026-05-20 | 9.4 Critical |
| Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. | ||||
| CVE-2022-2177 | 1 Kayrasoft | 1 Kayrasoft | 2026-05-20 | 9.4 Critical |
| Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | ||||
| CVE-2022-2178 | 1 Saysis | 1 Starcities | 2026-05-20 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saysis Computer Starcities allows Cross-Site Scripting (XSS). This issue affects Starcities: before 1.1. | ||||