Search
Search Results (342216 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47030 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists. | ||||
| CVE-2023-47032 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function. | ||||
| CVE-2025-52968 | 1 Freedesktop | 1 Xdg-utils | 2025-06-27 | 2.7 Low |
| xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie store, although this would add substantial complexity, and would not be considered a desirable or expected behavior by all users.) NOTE: this is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user, or whether they were the result of a navigation from content in an untrusted origin. | ||||
| CVE-2023-47295 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings. | ||||
| CVE-2025-50349 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2025-06-27 | 7.5 High |
| PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-teacher-pic.php. | ||||
| CVE-2025-2171 | 1 Aviatrix | 1 Controller | 2025-06-27 | N/A |
| Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN | ||||
| CVE-2025-53166 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53165 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53164 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53163 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53162 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53161 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53160 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53159 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53158 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53157 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2012-1977 | 1 Wellintech | 1 Kingview | 2025-06-26 | N/A |
| WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file. | ||||
| CVE-2025-6284 | 1 Phpgurukul | 1 Car Rental Portal | 2025-06-26 | 4.3 Medium |
| A vulnerability was found in PHPGurukul Car Rental Portal 3.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6285 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2025-06-26 | 4.3 Medium |
| A vulnerability was found in PHPGurukul COVID19 Testing Management System 2021. It has been rated as problematic. This issue affects some unknown processing of the file /search-report-result.php. The manipulation of the argument q leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6286 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2025-06-26 | 3.5 Low |
| A vulnerability classified as problematic has been found in PHPGurukul COVID19 Testing Management System 2021. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument q leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||