Export limit exceeded: 295411 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 295493 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (295534 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1035 | 2026-06-06 | 5.7 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Komtera Technolgies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1. | ||||
| CVE-2025-1161 | 1 Nomysost | 1 Nomysem | 2026-06-06 | 7.1 High |
| Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation. This issue affects Nomysem: through May 2025. | ||||
| CVE-2025-1269 | 2026-06-06 | 4.8 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in HAVELSAN Liman MYS allows Cross-Site Flashing. This issue affects Liman MYS: before 2.1.1 - 1010. | ||||
| CVE-2025-1301 | 1 Yordam | 1 Library Automation System | 2026-06-06 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yordam Informatics Library Automation System allows Reflected XSS. This issue affects Library Automation System: before 21.6. | ||||
| CVE-2025-1395 | 1 Codriapp | 1 Heygarson | 2026-06-06 | 8.2 High |
| Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping. This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing process but did not respond in any way. | ||||
| CVE-2025-1469 | 2026-06-06 | 7.5 High | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers. This issue affects Eyotek: before 11.03.2025. | ||||
| CVE-2025-1496 | 2026-06-06 | 6.5 Medium | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in BG-TEK Coslat Hotspot allows Password Brute Forcing, Authentication Abuse. This issue affects Coslat Hotspot: before 6.26.0.R.20250227. | ||||
| CVE-2025-1740 | 1 Akinsoft | 1 Myrezzta | 2026-06-06 | 9.8 Critical |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force. This issue affects MyRezzta: from s2.03.01 before v2.05.01. | ||||
| CVE-2025-1885 | 1 Restajet | 1 Online Food Delivery System | 2026-06-06 | 5.4 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Phishing, Forceful Browsing. This issue affects Online Food Delivery System: through 19122025. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1927 | 1 Restajet | 1 Online Food Delivery System | 2026-06-06 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Cross Site Request Forgery. This issue affects Online Food Delivery System: through 19122025. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1928 | 1 Restajet | 1 Online Food Delivery System | 2026-06-06 | 9.1 Critical |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation. This issue affects Online Food Delivery System: through 19122025. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1929 | 2026-06-06 | 7.2 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazılımı allows SQL Injection, CAPEC - 7 - Blind SQL Injection. This issue affects Reel Sektör Hazine ve Risk Yönetimi Yazılımı: through 1.0.0.4. | ||||
| CVE-2024-6858 | 1 Arista | 1 Eos | 2026-06-05 | 6.5 Medium |
| In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN. | ||||
| CVE-2021-40327 | 1 Trustedfirmware | 1 Trusted Firmware-m | 2026-06-05 | 5.9 Medium |
| Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key (held by the Crypto service) based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner. | ||||
| CVE-2022-46152 | 1 Trustedfirmware | 1 Op-tee | 2026-06-05 | 8.2 High |
| OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and `entry_open_session()`. The commands `OPTEE_MSG_CMD_OPEN_SESSION` and `OPTEE_MSG_CMD_INVOKE_COMMAND` can be executed from the normal world via an OP-TEE SMC. This function is not validating the `num_params` argument, which is only limited to `OPTEE_MSG_MAX_NUM_PARAMS` (127) in the function `get_cmd_buffer()`. Therefore, an attacker in the normal world can craft an SMC call that will cause out-of-bounds reading in `cleanup_shm_refs` and potentially freeing of fake-objects in the function `mobj_put()`. A normal-world attacker with permission to execute SMC instructions may exploit this flaw. Maintainers believe this problem permits local privilege escalation from the normal world to the secure world. Version 3.19.0 contains a fix for this issue. There are no known workarounds. | ||||
| CVE-2016-6129 | 2 Libtom, Trustedfirmware | 2 Libtomcrypt, Op-tee | 2026-06-05 | 7.5 High |
| The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack. | ||||
| CVE-2018-12437 | 2 Libtom, Trustedfirmware | 2 Libtomcrypt, Op-tee | 2026-06-05 | 4.9 Medium |
| LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||
| CVE-2019-1010297 | 1 Trustedfirmware | 1 Op-tee | 2026-06-05 | N/A |
| Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later. | ||||
| CVE-2019-1010292 | 1 Trustedfirmware | 1 Op-tee | 2026-06-05 | N/A |
| Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0. | ||||
| CVE-2019-1010293 | 1 Trustedfirmware | 1 Op-tee | 2026-06-05 | N/A |
| Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later. | ||||