Export limit exceeded: 352268 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352268 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-8426 | 1 Concretecms | 1 Concrete Cms | 2026-05-22 | N/A |
| Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare_remote_upgrade/<remoteMPID>. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and force its upgrade() method to execute in a single browser navigation. This results in remote code execution as the web server user. In order to be vulnerable, the victim must be passing canInstallPackages, victim site must be connected to the Concrete marketplace; and the attacker controls the package returned for a marketplace item ID already installed on the victim site. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 7.5 with vector CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. Thanks https://github.com/maru1009 for reporting. | ||||
| CVE-2023-1833 | 1 Redline | 1 Router Firmware | 2026-05-22 | 9.8 Critical |
| Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass. This issue affects Redline Router: before 7.17. | ||||
| CVE-2023-1863 | 1 Eskom | 1 El Terminali \(su Okuma\) Uygulamalarimiz | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Water Metering Software allows Command Line Execution through SQL Injection. This issue affects Water Metering Software: before 23.04.06. | ||||
| CVE-2023-1873 | 1 Faturamatik | 1 Bircard | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faturamatik Bircard allows SQL Injection. This issue affects Bircard: before 23.04.05. | ||||
| CVE-2023-2045 | 1 Ipekyolunet | 1 Software Auto Damage Tracking Software | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ipekyolu Software Auto Damage Tracking Software allows SQL Injection. This issue affects Auto Damage Tracking Software: before 4. | ||||
| CVE-2023-2046 | 1 Yontemizleme | 1 Vehicle Tracking System | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection. This issue affects Vehicle Tracking System: before 8. | ||||
| CVE-2023-2064 | 1 Minovateknoloji | 1 Etrace | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Minova Technology eTrace allows SQL Injection. This issue affects eTrace: before 23.05.20. | ||||
| CVE-2023-2065 | 1 Armoli | 1 Cargo Tracking System | 2026-05-22 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass. This issue affects Cargo Tracking System: before 3558f28 . | ||||
| CVE-2023-2702 | 1 Finexmedia | 1 Competition Management System | 2026-05-22 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass. This issue affects Competition Management System: before 23.07. | ||||
| CVE-2023-2703 | 1 Finexmedia | 1 Competition Management System | 2026-05-22 | 7.5 High |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users. This issue affects Competition Management System: before 23.07. | ||||
| CVE-2023-2712 | 1 Rental Module Project | 1 Rental Module | 2026-05-22 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15. | ||||
| CVE-2023-2713 | 1 Rental Module Project | 1 Rental Module | 2026-05-22 | 9.8 Critical |
| Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass. This issue affects Rental Module: before 23.05.15. | ||||
| CVE-2023-2750 | 1 Cityboss | 1 E-municipality | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection. This issue affects E-municipality: before 6.05. | ||||
| CVE-2023-2851 | 1 Agtteknik | 1 Ceppatron | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection. This issue affects all versions of the sofware also EOS when CVE-ID assigned. | ||||
| CVE-2023-2852 | 1 Softmedyazilim | 1 Selfpatron | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Softmed SelfPatron allows SQL Injection. This issue affects SelfPatron : before 2.0. | ||||
| CVE-2023-2853 | 1 Softmedyazilim | 1 Selfpatron | 2026-05-22 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softmed SelfPatron allows Reflected XSS. This issue affects SelfPatron : before 2.0. | ||||
| CVE-2023-2882 | 1 Cbot | 2 Cbot Core, Cbot Panel | 2026-05-22 | 9.8 Critical |
| Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | ||||
| CVE-2023-2883 | 1 Cbot | 2 Cbot Core, Cbot Panel | 2026-05-22 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | ||||
| CVE-2023-2884 | 1 Cbot | 2 Cbot Core, Cbot Panel | 2026-05-22 | 9.8 Critical |
| Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | ||||
| CVE-2023-2885 | 1 Cbot | 2 Cbot Core, Cbot Panel | 2026-05-22 | 8.1 High |
| Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM). This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | ||||