Export limit exceeded: 355881 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355881 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6255 | 1 Utarit | 2 Solipay Mobile, Solipay Mobile App | 2026-05-20 | 7.5 High |
| Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable. This issue affects SoliPay Mobile App: before 5.0.8. | ||||
| CVE-2023-4993 | 1 Utarit | 2 Solipay Mobile, Solipay Mobile App | 2026-05-20 | 7.5 High |
| Incorrect Use of Privileged APIs vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users. This issue affects SoliPay Mobile App: before 5.0.8. | ||||
| CVE-2023-6436 | 1 Ekolbilisim | 1 Web Sablonu Yazilimi | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template allows SQL Injection. This issue affects Website Template: through 20231215. | ||||
| CVE-2023-6441 | 2 Uni-pa University Marketing And Computer Internet Trade Inc, Unipa | 2 University Information System, University Information System | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc. University Information System allows SQL Injection. This issue affects University Information System: before 12.12.2023. | ||||
| CVE-2023-6515 | 1 Miateknoloji | 1 Mia-med | 2026-05-20 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse. This issue affects MİA-MED: before 1.0.7. | ||||
| CVE-2023-6517 | 1 Miateknoloji | 1 Mia-med | 2026-05-20 | 7.5 High |
| Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users. This issue affects MİA-MED: before 1.0.7. | ||||
| CVE-2023-6518 | 1 Miateknoloji | 1 Mia-med | 2026-05-20 | 7.5 High |
| Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7. | ||||
| CVE-2023-6519 | 1 Miateknoloji | 1 Mia-med | 2026-05-20 | 7.5 High |
| Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7. | ||||
| CVE-2023-6522 | 1 Extremepacs | 1 Extreme Xds | 2026-05-20 | 7.2 High |
| Incorrect Use of Privileged APIs vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3914. | ||||
| CVE-2023-6523 | 1 Extremepacs | 1 Extreme Xds | 2026-05-20 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows Authentication Abuse. This issue affects Extreme XDS: before 3914. | ||||
| CVE-2023-6672 | 1 Nationalkeep | 1 Cybermath | 2026-05-20 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Stored XSS. This issue affects CyberMath: from v1.4 before v1.5. | ||||
| CVE-2023-6673 | 1 Nationalkeep | 1 Cybermath | 2026-05-20 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS. This issue affects CyberMath: from v.1.4 before v.1.5. | ||||
| CVE-2023-6675 | 1 Nationalkeep | 1 Cybermath | 2026-05-20 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server. This issue affects CyberMath: from v.1.4 before v.1.5. | ||||
| CVE-2026-36829 | 1 Panabit | 1 Pap-xm320 | 2026-05-20 | 9.8 Critical |
| An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and bypass of authentication. | ||||
| CVE-2025-51427 | 1 Modelscope | 1 Modelscope | 2026-05-20 | 7.3 High |
| An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module']. | ||||
| CVE-2025-70950 | 1 Itang | 1 Gohttp | 2026-05-20 | 7.3 High |
| An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request. | ||||
| CVE-2026-36827 | 1 Panabit | 1 Pap-xm320 | 2026-05-20 | 5.4 Medium |
| A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows command injection when attacker-controlled input is included in the arguments. As a result, an authenticated remote attacker with access to the management interface may execute arbitrary shell commands. | ||||
| CVE-2026-36828 | 1 Panabit | 1 Pap-xm320 | 2026-05-20 | 8.8 High |
| A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter. | ||||
| CVE-2026-44408 | 1 Zte | 1 Mu5250 | 2026-05-20 | 6.3 Medium |
| There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface. | ||||
| CVE-2026-8727 | 1 Typo3 | 1 Extension "site Crawler" | 2026-05-20 | N/A |
| The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize(). An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative privileges to configure a crawler-enabled page and trigger the crawl via a Scheduler task. | ||||