Export limit exceeded: 11508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11508 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4040 | 2026-06-05 | 7.1 High | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Turpak Automatic Station Monitoring System allows Privilege Escalation. This issue affects Automatic Station Monitoring System: before 5.0.6.51. | ||||
| CVE-2025-4129 | 2026-06-05 | 7.5 High | ||
| Authorization Bypass Through User-Controlled Key vulnerability in PAVO Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: before 13.05.2025. | ||||
| CVE-2026-8389 | 1 Mozilla | 1 Firefox | 2026-06-05 | 8.8 High |
| JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3. | ||||
| CVE-2026-11296 | 1 Google | 1 Chrome | 2026-06-05 | 7.5 High |
| Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-4296 | 2026-06-05 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in HotelRunner B2B allows Forceful Browsing. This issue affects B2B: before 04.06.2025. | ||||
| CVE-2025-4319 | 1 Birebirsoft | 1 Sufirmam | 2026-06-05 | 9.4 Critical |
| Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4320 | 1 Birebirsoft | 1 Sufirmam | 2026-06-05 | 10 Critical |
| Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5261 | 2026-06-05 | 7.5 High | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Exploitation of Trusted Identifiers. This issue affects Pik Online: before 3.1.5. | ||||
| CVE-2025-5518 | 1 Argustech | 1 Bilger | 2026-06-05 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability with user privileges in ArgusTech BILGER allows Exploitation of Trusted Identifiers. This issue affects BILGER: before 2.4.6. | ||||
| CVE-2025-5681 | 2026-06-05 | 6.5 Medium | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers. This issue affects Eyotek: before 23.06.2025. | ||||
| CVE-2025-5997 | 1 Beamsec | 1 Phishpro | 2026-06-05 | 8.8 High |
| Incorrect Use of Privileged APIs vulnerability in Beamsec PhishPro allows Privilege Abuse. This issue affects PhishPro: before 7.5.4.2. | ||||
| CVE-2025-6967 | 1 Sarman Soft Software And Technology Services Industry And Trade Ltd. Co. | 1 Cms | 2026-06-05 | 8.7 High |
| Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass. This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7013 | 2 Qr Menu Pro Smart Menu Systems, Qrmenumpro | 2 Menu Panel, Menu Panel | 2026-06-05 | 5.7 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers. This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-40989 | 2 Spring, Vmware | 2 Spring Cloud Function, Spring Cloud Function | 2026-06-05 | 5.7 Medium |
| Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud Function 4.3.x: versions prior to 4.3.3 Spring Cloud Function 5.0.x: versions prior to 5.0.2 Older, unsupported versions are also affected. | ||||
| CVE-2025-7347 | 1 Dinibh Puzzle Software Solutions | 1 Dinibh Patrol Tracking System | 2026-06-05 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers. This issue affects Dinibh Patrol Tracking System: through 10022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7355 | 1 Beefull Energy | 1 Beefull App | 2026-06-05 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Beefull Energy Technologies Beefull App allows Exploitation of Trusted Identifiers. This issue affects Beefull App: before 24.07.2025. | ||||
| CVE-2025-7702 | 1 Pusula | 1 Manageable Email Sending System | 2026-06-05 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pusula Communication Information Internet Industry and Trade Ltd. Co. Manageable Email Sending System allows Exploiting Trust in Client. This issue affects Manageable Email Sending System: from <=2025.06 before 2025.08.06. | ||||
| CVE-2025-8057 | 1 Patika Global Technologies | 1 Humansuite | 2026-06-05 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows Exploiting Trust in Client. This issue affects HumanSuite: before 53.21.0. | ||||
| CVE-2025-8350 | 1 Inrove Software And Internet Services | 1 Bieticaret Cms | 2026-06-05 | 9.8 Critical |
| Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting. This issue affects BiEticaret CMS: from 2.1.13 through 19022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8463 | 2026-06-05 | 5.3 Medium | ||
| Authorization Bypass Through User-Controlled Key vulnerability in SecHard Information Technologies SecHard allows Forceful Browsing. This issue affects SecHard: before 3.6.2-20250805. | ||||