Search
Search Results (342239 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47297 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations. | ||||
| CVE-2023-47031 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component. | ||||
| CVE-2025-52967 | 1 Lfprojects | 1 Mlflow | 2025-06-27 | 5.8 Medium |
| gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. | ||||
| CVE-2023-47030 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists. | ||||
| CVE-2023-47032 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function. | ||||
| CVE-2025-52968 | 1 Freedesktop | 1 Xdg-utils | 2025-06-27 | 2.7 Low |
| xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie store, although this would add substantial complexity, and would not be considered a desirable or expected behavior by all users.) NOTE: this is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user, or whether they were the result of a navigation from content in an untrusted origin. | ||||
| CVE-2023-47295 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings. | ||||
| CVE-2025-50349 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2025-06-27 | 7.5 High |
| PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-teacher-pic.php. | ||||
| CVE-2025-2171 | 1 Aviatrix | 1 Controller | 2025-06-27 | N/A |
| Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN | ||||
| CVE-2025-53166 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53165 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53164 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53163 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53162 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53161 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53160 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53159 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53158 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53157 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2012-1977 | 1 Wellintech | 1 Kingview | 2025-06-26 | N/A |
| WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file. | ||||