Search Results (85517 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-44378 2 Botan Project, Randombit 2 Botan, Botan 2026-06-02 7.5 High
Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which prohibits indefinite length encodings. This vulnerability is fixed in 3.12.0.
CVE-2026-10288 1 Code-projects 1 Hotel And Tourism Reservation System 2026-06-02 7.3 High
A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password_verify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVE-2026-49373 1 Jetbrains 1 Teamcity 2026-06-02 7.1 High
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
CVE-2026-49374 1 Jetbrains 1 Teamcity 2026-06-02 7.6 High
In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
CVE-2026-10293 1 Utt 1 Hiper 1200gw 2026-06-02 8.8 High
A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the argument Profile causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVE-2026-10290 1 Code-projects 1 Hotel And Tourism Reservation System 2026-06-02 7.3 High
A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-7770 1 Ibm 1 I Access Family 2026-06-02 8.8 High
IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator.
CVE-2018-25432 1 Armcode 1 Arm Whois 2026-06-02 8.4 High
Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through exception handler hijacking.
CVE-2024-7837 1 Firmanet 1 Erp 2026-06-02 8.2 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Firmanet Software ERP allows SQL Injection. This issue affects ERP: through 22.11.2024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7872 1 Extremepacs 1 Extreme Xds 2026-06-02 7.6 High
Insertion of Sensitive Information Into Sent Data vulnerability in ExtremePACS Extreme XDS allows Retrieve Embedded Sensitive Data. This issue affects Extreme XDS: before 3933.
CVE-2024-8261 1 Prolizyazilim 1 Student Affairs Information System 2026-06-02 7.5 High
Authorization Bypass Through User-Controlled Key vulnerability in Proliz Software OBS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OBS: before 24.0927.
CVE-2024-8609 1 Oceanicsoft 1 Valeapp 2026-06-02 7.5 High
Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information. This issue affects ValeApp: before v2.0.0.
CVE-2024-8644 1 Oceanicsoft 1 Valeapp 2026-06-02 7.5 High
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: before v2.0.0.
CVE-2024-9149 2026-06-02 8.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection. This issue affects E-Commerce Website Template: before v1.5.
CVE-2024-9334 2026-06-02 8.2 High
Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass. This issue affects Pallium Vehicle Tracking: before 17.10.2024.
CVE-2024-11142 1 Proticaret 1 Proticaret 2026-06-02 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery. This issue affects Proticaret E-Commerce: before v6.0 NOTE: According to the vendor, fixing process is still ongoing for v4.05.
CVE-2024-11216 2026-06-02 7.6 High
Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in PozitifIK Pik Online allows Account Footprinting, Session Hijacking. This issue affects Pik Online: before 3.1.5.
CVE-2026-49372 1 Jetbrains 1 Teamcity 2026-06-02 7.5 High
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
CVE-2026-49371 1 Jetbrains 1 Teamcity 2026-06-02 7.1 High
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
CVE-2026-45662 1 Dokploy 1 Dokploy 2026-06-02 8.8 High
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.0 and earlier, the deleteRegistry function in Dokploy (packages/server/src/services/registry.ts) executes docker logout ${response.registryUrl} without shell escaping. In the same file, the docker login command correctly uses shEscape() to prevent command injection. This inconsistency creates a command injection vulnerability when deleting a registry with a crafted registryUrl.