Export limit exceeded: 349887 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349887 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66955 | 1 Asseco | 1 See Live | 2026-05-12 | 6.5 Medium |
| Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls. | ||||
| CVE-2026-40137 | 1 Sap Se | 1 Business Server Pages Application (taf Applauncher) | 2026-05-12 | 6.1 Medium |
| SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirects them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on confidentiality and integrity, with no impact on the availability of the application. | ||||
| CVE-2026-45430 | 2026-05-12 | 7.1 High | ||
| The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks. | ||||
| CVE-2026-45392 | 2026-05-12 | N/A | ||
| Reserved. Details will be published at disclosure. | ||||
| CVE-2026-7287 | 2026-05-12 | 7.5 High | ||
| ** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the “webs” binary in Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0 could allow an attacker to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request to a vulnerable device. | ||||
| CVE-2026-7257 | 2026-05-12 | 4.4 Medium | ||
| ** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file. | ||||
| CVE-2026-43357 | 1 Linux | 1 Linux Kernel | 2026-05-12 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050-core: fix pm_runtime error handling The return value of pm_runtime_get_sync() is not checked, allowing the driver to access hardware that may fail to resume. The device usage count is also unconditionally incremented. Use pm_runtime_resume_and_get() which propagates errors and avoids incrementing the usage count on failure. In preenable, add pm_runtime_put_autosuspend() on set_8khz_samplerate() failure since postdisable does not run when preenable fails. | ||||
| CVE-2026-45393 | 2026-05-12 | N/A | ||
| Reserved. Details will be published at disclosure. | ||||
| CVE-2026-7256 | 2026-05-12 | 8.8 High | ||
| ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device by sending a crafted HTTP request. | ||||
| CVE-2026-7255 | 2026-05-12 | 6.5 Medium | ||
| ** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to brute-force the password and bypass authentication. | ||||
| CVE-2026-44916 | 1 Openstack | 1 Ironic | 2026-05-12 | 3 Low |
| In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing. | ||||
| CVE-2026-45362 | 1 Sangoma | 1 Switchvox | 2026-05-12 | 3.2 Low |
| Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file. | ||||
| CVE-2026-8266 | 1 Open5gs | 1 Open5gs | 2026-05-12 | 4.3 Medium |
| A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsm_build_pdu_session_establishment_accept of the file /src/smf/gsm-build.c of the component SMF. The manipulation results in denial of service. The attack can be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-8260 | 1 D-link | 1 Dcs-935l | 2026-05-12 | 8.8 High |
| A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-8254 | 1 Devs Palace | 1 Erp Online | 2026-05-12 | 2.4 Low |
| A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/sales_save. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-8248 | 1 Open5gs | 1 Open5gs | 2026-05-12 | 4.3 Medium |
| A vulnerability was detected in Open5GS up to 2.7.7. The affected element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. The manipulation results in denial of service. The attack may be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2021-47950 | 1 Ampps | 1 Advanced Guestbook | 2026-05-12 | 6.4 Medium |
| Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulating the s_emotion parameter. Attackers can submit POST requests to admin.php with JavaScript code in the s_emotion field, which executes when administrators view the smilies tab. | ||||
| CVE-2021-47944 | 1 Memono | 1 Notepad | 2026-05-12 | 7.5 High |
| memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash on iOS devices. | ||||
| CVE-2021-47937 | 1 E107 | 1 E107 Cms | 2026-05-12 | 8.8 High |
| e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell to the e107_themes directory, then execute system commands via the payload.php script. | ||||
| CVE-2021-47930 | 1 Balbooa | 1 Balbooa Joomla Forms Builder | 2026-05-12 | 8.2 High |
| Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the com_baforms component with malicious JSON payloads in the 'id' field parameter to extract sensitive database information. | ||||