Export limit exceeded: 352202 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352202 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-31405 | 1 Linux | 1 Linux Kernel | 2026-05-20 | 9.8 Critical |
| In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] tables in handle_one_ule_extension() are declared with 255 elements (valid indices 0-254), but the index htype is derived from network-controlled data as (ule_sndu_type & 0x00FF), giving a range of 0-255. When htype equals 255, an out-of-bounds read occurs on the function pointer table, and the OOB value may be called as a function pointer. Add a bounds check on htype against the array size before either table is accessed. Out-of-range values now cause the SNDU to be discarded. | ||||
| CVE-2023-6153 | 2026-05-20 | 9.8 Critical | ||
| Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass. This issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6190 | 1 Ikcu | 1 University Information Management System | 2026-05-20 | 9.8 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. This issue affects University Information Management System: before 30.11.2023. | ||||
| CVE-2023-6201 | 1 Univera | 1 Panorama | 2026-05-20 | 8.8 High |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Univera Computer System Panorama allows Command Injection. This issue affects Panorama: before 8.0. | ||||
| CVE-2023-6255 | 1 Utarit | 2 Solipay Mobile, Solipay Mobile App | 2026-05-20 | 7.5 High |
| Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable. This issue affects SoliPay Mobile App: before 5.0.8. | ||||
| CVE-2023-4993 | 1 Utarit | 2 Solipay Mobile, Solipay Mobile App | 2026-05-20 | 7.5 High |
| Incorrect Use of Privileged APIs vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users. This issue affects SoliPay Mobile App: before 5.0.8. | ||||
| CVE-2023-6436 | 1 Ekolbilisim | 1 Web Sablonu Yazilimi | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template allows SQL Injection. This issue affects Website Template: through 20231215. | ||||
| CVE-2023-6441 | 2 Uni-pa University Marketing And Computer Internet Trade Inc, Unipa | 2 University Information System, University Information System | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc. University Information System allows SQL Injection. This issue affects University Information System: before 12.12.2023. | ||||
| CVE-2023-6515 | 1 Miateknoloji | 1 Mia-med | 2026-05-20 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse. This issue affects MİA-MED: before 1.0.7. | ||||
| CVE-2023-6517 | 1 Miateknoloji | 1 Mia-med | 2026-05-20 | 7.5 High |
| Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users. This issue affects MİA-MED: before 1.0.7. | ||||
| CVE-2023-6518 | 1 Miateknoloji | 1 Mia-med | 2026-05-20 | 7.5 High |
| Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7. | ||||
| CVE-2023-6519 | 1 Miateknoloji | 1 Mia-med | 2026-05-20 | 7.5 High |
| Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7. | ||||
| CVE-2023-6522 | 1 Extremepacs | 1 Extreme Xds | 2026-05-20 | 7.2 High |
| Incorrect Use of Privileged APIs vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3914. | ||||
| CVE-2023-6523 | 1 Extremepacs | 1 Extreme Xds | 2026-05-20 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows Authentication Abuse. This issue affects Extreme XDS: before 3914. | ||||
| CVE-2023-6672 | 1 Nationalkeep | 1 Cybermath | 2026-05-20 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Stored XSS. This issue affects CyberMath: from v1.4 before v1.5. | ||||
| CVE-2023-6673 | 1 Nationalkeep | 1 Cybermath | 2026-05-20 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS. This issue affects CyberMath: from v.1.4 before v.1.5. | ||||
| CVE-2023-6675 | 1 Nationalkeep | 1 Cybermath | 2026-05-20 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server. This issue affects CyberMath: from v.1.4 before v.1.5. | ||||
| CVE-2026-36829 | 1 Panabit | 1 Pap-xm320 | 2026-05-20 | 9.8 Critical |
| An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and bypass of authentication. | ||||
| CVE-2025-61081 | 1 Byd | 1 Atto3 | 2026-05-20 | 7.5 High |
| In BYD Atto3, an attacker can obtain an authentication key through Brute Force attack, which is permanently available. The authentication key enables flash to the Electronic Parking Break (EPB) and Supplemental Restoration System (SRS) related ECUs. | ||||
| CVE-2025-51427 | 1 Modelscope | 1 Modelscope | 2026-05-20 | 7.3 High |
| An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module']. | ||||