Export limit exceeded: 362534 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362534 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2514 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6401 | 2 Sfs, Sfs Consulting | 2 Insuree Gl, Insuree Gl | 2026-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection. This issue affects InsureE GL: before 4.6.2. | ||||
| CVE-2024-6445 | 1 Dataflowx | 1 Datadiodex | 2026-06-03 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal. This issue affects DataDiodeX: from v3.0.0 before v3.1.7. | ||||
| CVE-2024-6684 | 1 Gstelectronics | 1 Inohom Nova Panel N7 | 2026-06-03 | N/A |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in GST Electronics inohom Nova Panel N7 allows Authentication Bypass. This issue affects inohom Nova Panel N7: through 1.9.9.6. NOTE: The vendor was contacted and it was learned that the product is not supported. | ||||
| CVE-2024-6877 | 2 Eliz Software, Elizsoftware | 2 Panel, Panel | 2026-06-03 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Reflected XSS. This issue affects Panel: before v2.3.24. | ||||
| CVE-2024-6878 | 1 Eliz Software | 1 Panel | 2026-06-03 | N/A |
| Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations. This issue affects Panel: before v2.3.24. | ||||
| CVE-2024-6917 | 1 Veribase | 2 Order Management, Veribase Order Management | 2026-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection. This issue affects Veribase Order Management: before v4.010.2. | ||||
| CVE-2024-6919 | 2 Nac, Nac Telecommunication Systems | 2 Nacpremium, Nacpremium | 2026-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection. This issue affects NACPremium: through 01082024. | ||||
| CVE-2024-7071 | 2 Brain Information Technologies, Brainlowcode | 2 Brain Low-code, Brain Low-code | 2026-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection. This issue affects Brain Low-Code: before 2.1.0. | ||||
| CVE-2024-7076 | 2 Semtek, Semtekyazilim | 2 Sempos, Semtek Sempos | 2026-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection. This issue affects Semtek Sempos: through 31072024. | ||||
| CVE-2024-7078 | 2 Semtek, Semtekyazilim | 2 Sempos, Semtek Sempos | 2026-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection. This issue affects Semtek Sempos: through 31072024. | ||||
| CVE-2024-7098 | 2 Sfs, Sfs Consulting | 2 Winsure, Wwwinsure | 2026-06-03 | 9.8 Critical |
| Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection. This issue affects ww.Winsure: before 4.6.2. | ||||
| CVE-2024-7104 | 2 Sfs, Sfs Consulting | 2 Winsure, Wwwinsure | 2026-06-03 | 9.8 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection. This issue affects ww.Winsure: before 4.6.2. | ||||
| CVE-2024-7609 | 1 Vidco | 1 Voc Tester | 2026-06-03 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal. This issue affects VOC TESTER: before 12.34.8. | ||||
| CVE-2024-7735 | 1 Exnet Informatics Software | 1 Ferry Reservation System | 2026-06-03 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Exnet Informatics Software Ferry Reservation System allows SQL Injection. This issue affects Ferry Reservation System: before 240805-002. | ||||
| CVE-2024-7785 | 2026-06-03 | N/A | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting (XSS). This issue affects Electronic Ticket System: before 2024.08. | ||||
| CVE-2026-8931 | 1 Disig | 1 Web Signer | 2026-06-02 | N/A |
| A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3. | ||||
| CVE-2026-47117 | 1 Maziyarpanahi | 1 Openmed | 2026-06-02 | 9.8 Critical |
| OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied model_name parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path that loads Hugging Face models with trust_remote_code=True. An unauthenticated attacker can supply a malicious model repository containing custom Transformers code via auto_map in config.json or tokenizer_config.json, which is imported and executed with the privileges of the OpenMed service process. | ||||
| CVE-2026-0611 | 1 Spacelabs Healthcare | 1 Sentinel | 2026-06-02 | 9.8 Critical |
| Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by supplying valid .NET URI endpoints. Attackers can write ASPX webshells to the IIS wwwroot directory to achieve unauthenticated remote code execution on the system. Port 8989 is not exposed in a default Sentinel installation; exploitation requires that the .NET Remoting port has been explicitly made network-accessible through deliberate configuration or network policy changes. | ||||
| CVE-2026-10187 | 1 Totolink | 2 N300rh, N300rh Firmware | 2026-06-02 | 9.8 Critical |
| A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Performing a manipulation of the argument KeyStr results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. | ||||
| CVE-2025-15625 | 1 Sparxsystems | 2 Pro Cloud Server, Sparx Pro Cloud Server | 2026-06-02 | 9.8 Critical |
| Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases. | ||||