Export limit exceeded: 10378 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10378 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 352470 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352470 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39969 | 1 Baptistearno | 1 Typebot.io | 2026-05-25 | 6.5 Medium |
| TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint (POST /v1/workspaces/{workspaceId}/whatsapp/{credentialsId}/webhook) does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both workspaceId and credentialsId as path parameters, which are logged in web server access logs, visible in Meta's webhook configuration dashboard, and potentially shared when configuring integrations. This allows any unauthenticated attacker to send spoofed webhook messages to trigger bot flows, consume API resources, and interact with external services using the workspace owner's credentials. The issue has been fixed in version 3.17.0. | ||||
| CVE-2026-39824 | 1 Golang | 1 Sys | 2026-05-25 | N/A |
| NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error. | ||||
| CVE-2026-3294 | 1 Tp-link | 5 Archer Re305 V1, Archer Re360 V1, Archer Re650 V1 and 2 more | 2026-05-25 | N/A |
| An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full administrative control of the affected device, potentially impacting on confidentiality, integrity, and availability. | ||||
| CVE-2026-35430 | 1 Microsoft | 2 Azure Privileged Identity Management, Azure Privileged Management | 2026-05-25 | 8.8 High |
| Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2018-25340 | 1 Behance | 1 Smartshop | 2026-05-25 | 8.2 High |
| Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and other data. | ||||
| CVE-2018-25341 | 1 Behance | 1 Smartshop | 2026-05-25 | 8.2 High |
| Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and database names. | ||||
| CVE-2018-25342 | 1 Behance | 1 Smartshop | 2026-05-25 | 8.2 High |
| Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract sensitive database information including product details and system data. | ||||
| CVE-2018-25343 | 1 Behance | 1 Smartshop | 2026-05-25 | 4.3 Medium |
| Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting editprofile.php with hidden fields for email and password parameters that execute automatically when visited by an authenticated admin user. | ||||
| CVE-2018-25345 | 1 10-strike | 1 Network Scanner | 2026-05-25 | 8.4 High |
| 10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the Trace route or System information functions to achieve code execution. | ||||
| CVE-2018-25349 | 1 Userspice | 1 Userspice | 2026-05-25 | 6.1 Medium |
| userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators visit the audit log page. | ||||
| CVE-2018-25350 | 1 Userspice | 1 Userspice | 2026-05-25 | 9.8 Critical |
| userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing accounts in the system. | ||||
| CVE-2018-25352 | 3 Accesspressthemes, Ultimate-form-builder-lite, Wordpress | 3 Ultimate-form-builder-lite, Ultimate Form Builder Lite, Wordpress | 2026-05-25 | 7.1 High |
| WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entry_id POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint with the ufbl_get_entry_detail_action action to extract, modify, or escalate privileges within the WordPress database. | ||||
| CVE-2018-25353 | 1 Redaxo | 2 Redaxo, Redaxo Cms Mediapool | 2026-05-25 | 8.8 High |
| Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the blacklist filter and execute arbitrary code. | ||||
| CVE-2018-25358 | 1 D-link | 1 Dir601na | 2026-05-25 | 7.5 High |
| D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like admin_user, wireless_settings, and wireless_security to extract administrative credentials and wireless network keys in clear text. | ||||
| CVE-2026-3515 | 1 Prefecthq | 1 Prefect | 2026-05-25 | N/A |
| A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field. The `reference` field is concatenated directly into a `git clone` command string without proper sanitization, and then parsed by `shlex.split()`. This enables injection of options such as `-c`, leading to potential Server-Side Request Forgery (SSRF), credential theft, or remote code execution (RCE). The vulnerability affects both the `aget_directory()` and `get_directory()` methods in `src/integrations/prefect-github/prefect_github/repository.py`. This issue does not affect the GitLab and BitBucket integrations, which use a safer list-based command construction approach. | ||||
| CVE-2026-9489 | 1 Acer | 1 Nitrosense V3 | 2026-05-25 | N/A |
| NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges. | ||||
| CVE-2026-6059 | 1 Necplatforms | 9 Aterm 19000t12be, Aterm Gx621a1, Aterm Sh621a1 and 6 more | 2026-05-25 | N/A |
| A cross-site scripting vulnerability exists in Aterm. Arbitrary scripts may be executed in the web browser of a user accessing the web management interface via adjacent network. | ||||
| CVE-2026-8652 | 1 Necplatforms | 2 Aterm Cm51fd, Aterm Mr51fn | 2026-05-25 | N/A |
| An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web console, they may be able to execute arbitrary OS commands via adjacent network. | ||||
| CVE-2026-25193 | 1 Gallagher | 14 Active Directory Sync, Cardholder Sync Utility, Command Centre and 11 more | 2026-05-25 | 8.1 High |
| Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account (not the default Network Service account) are potentially impacted. Mitigation: For sites concerned about exposure, the recommended action is to change the Service Account password. They can also delete any installer log files, usually found in %programdata%\Gallagher\Command Centre. | ||||
| CVE-2026-45249 | 1 Apache | 1 Echarts | 2026-05-25 | N/A |
| A cross-site scripting (XSS) vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0, if both Lines series and tooltip are used, and no user-specified tooltip.formatter is provided, and series.data[i].name is specified, raw HTML string series.data[i].name can be rendered through innerHTML sink into tooltip content. Although tooltip is allowed to accept user-provided raw HTML via a custom tooltip.formatter, the built-in tooltip formatters conventionally perform HTML escaping automatically. This case breaks that convention and may unexpectedly lead to script execution when tooltips are displayed. Users are recommended to upgrade to version 6.1.0 if using the Lines series in this way, which fixes the issue. | ||||