Search Results (355072 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50031 | 1 Freeipmi | 1 Freeipmi | 2026-06-03 | 7.5 High |
| ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Two subcommands "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text" were found to have exploitable buffer overflows on response messages. | ||||
| CVE-2025-15656 | 2 Mojoomla, Wordpress | 2 School Management, Wordpress | 2026-06-03 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0. | ||||
| CVE-2026-41032 | 2 Phoenix Contact, Phoenixcontact | 8 Charx Sec-3000 Firmware, Charx Sec-3050 Firmware, Charx Sec-3100 Firmware and 5 more | 2026-06-03 | 7.5 High |
| It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information. | ||||
| CVE-2026-4035 | 1 Mlflow | 1 Mlflow/mlflow | 2026-06-03 | N/A |
| A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the `api_key` field in gateway secrets can accept `$ENV_VAR` references, which are resolved against the MLflow server's environment during runtime. The resolved secrets are then sent in provider authentication headers to the configured upstream `api_base`. This vulnerability can be exploited by low-privileged authenticated users in basic-auth deployments or by unauthenticated users in default deployments without `basic-auth`. The impact includes potential leakage of sensitive credentials such as cloud artifact credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`), which could lead to artifact poisoning and cross-boundary code execution in downstream environments. The issue is fixed in version 3.11.0. | ||||
| CVE-2024-6877 | 2 Eliz Software, Elizsoftware | 2 Panel, Panel | 2026-06-03 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Reflected XSS. This issue affects Panel: before v2.3.24. | ||||
| CVE-2024-6878 | 1 Eliz Software | 1 Panel | 2026-06-03 | N/A |
| Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations. This issue affects Panel: before v2.3.24. | ||||
| CVE-2024-6917 | 1 Veribase | 2 Order Management, Veribase Order Management | 2026-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection. This issue affects Veribase Order Management: before v4.010.2. | ||||
| CVE-2024-6919 | 2 Nac, Nac Telecommunication Systems | 2 Nacpremium, Nacpremium | 2026-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection. This issue affects NACPremium: through 01082024. | ||||
| CVE-2024-6920 | 1 Nac | 1 Nacpremium | 2026-06-03 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Stored XSS. This issue affects NACPremium: through 01082024. | ||||
| CVE-2024-6921 | 2 Nac, Nac Telecommunication Systems | 2 Nacpremium, Nacpremium | 2026-06-03 | 7.5 High |
| Cleartext Storage of Sensitive Information vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Retrieve Embedded Sensitive Data. This issue affects NACPremium: through 01082024. | ||||
| CVE-2024-7015 | 1 Profelis | 1 Passbox | 2026-06-03 | 9.8 Critical |
| Missing Authentication for Critical Function vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse. This issue affects PassBox: before v1.2. | ||||
| CVE-2024-7016 | 1 Smarttek | 1 Smart Doctor | 2026-06-03 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Smarttek Informatics Smart Doctor allows Stored XSS requiring admin privileges. This issue affects Smart Doctor: through 21.11.2024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7026 | 1 Teknogis Informatics | 1 Close Circuit Vehicle Tracking Software | 2026-06-03 | 7.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Teknogis Informatics Closed Circuit Vehicle Tracking Software allows SQL Injection, Blind SQL Injection. This issue affects Closed Circuit Vehicle Tracking Software: through 21.11.2024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7071 | 2 Brain Information Technologies, Brainlowcode | 2 Brain Low-code, Brain Low-code | 2026-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection. This issue affects Brain Low-Code: before 2.1.0. | ||||
| CVE-2024-7076 | 2 Semtek, Semtekyazilim | 2 Sempos, Semtek Sempos | 2026-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection. This issue affects Semtek Sempos: through 31072024. | ||||
| CVE-2024-7077 | 1 Semtekyazilim | 1 Semtek Sempos | 2026-06-03 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Reflected XSS. This issue affects Semtek Sempos: through 31072024. | ||||
| CVE-2024-7078 | 2 Semtek, Semtekyazilim | 2 Sempos, Semtek Sempos | 2026-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection. This issue affects Semtek Sempos: through 31072024. | ||||
| CVE-2024-7098 | 2 Sfs, Sfs Consulting | 2 Winsure, Wwwinsure | 2026-06-03 | 9.8 Critical |
| Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection. This issue affects ww.Winsure: before 4.6.2. | ||||
| CVE-2024-7104 | 2 Sfs, Sfs Consulting | 2 Winsure, Wwwinsure | 2026-06-03 | 9.8 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection. This issue affects ww.Winsure: before 4.6.2. | ||||
| CVE-2024-7107 | 1 Nationalkeep | 1 Cybermath | 2026-06-03 | 7.5 High |
| Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations. This issue affects CyberMath: before CYBM.240816253. | ||||