Search

Expected end of text, found '.' (at char 9), (line:1, col:10)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (355628 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-2154 2026-06-06 5.4 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS. This issue affects Specto CM: before 17032025.
CVE-2025-2155 2026-06-06 8.8 High
Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion. This issue affects Specto CM: before 17032025.
CVE-2025-2204 1 Tapandsign 1 Tap&sign 2026-06-06 4.7 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting (XSS). This issue affects Tap&Sign: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-2301 2026-06-06 4.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Akbim Software Online Exam Registration allows Exploitation of Trusted Identifiers. This issue affects Online Exam Registration: before 14.03.2025.
CVE-2025-2307 2026-06-06 7.6 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Aidango allows Cross-Site Scripting (XSS). This issue affects Aidango: before 2.144.4.
CVE-2025-2311 2026-06-06 9 Critical
Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring. This issue affects SecHard: before 3.3.0.20220411.
CVE-2025-2404 1 Ubit 1 Stoys 2026-06-06 4.3 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ubit Information Technologies STOYS allows Cross-Site Scripting (XSS). This issue affects STOYS: from 2 before 20250916.
CVE-2025-2405 2026-06-06 7.6 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Titarus allows Cross-Site Scripting (XSS). This issue affects Titarus: before 2.144.4.
CVE-2025-2406 2026-06-06 7.6 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Trizbi allows Cross-Site Scripting (XSS). This issue affects Trizbi: before 2.144.4.
CVE-2025-2411 1 Akinsoft 1 Taskpano 2026-06-06 8.6 High
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass. This issue affects TaskPano: from s1.06.04 before v1.06.06.
CVE-2025-2412 1 Akinsoft 1 Qr Menu 2026-06-06 8.6 High
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft QR Menu allows Authentication Bypass. This issue affects QR Menu: from s1.05.07 before v1.05.12.
CVE-2025-2413 1 Akinsoft 1 Prokuafor 2026-06-06 8.6 High
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass. This issue affects ProKuafor: from s1.02.08 before v1.02.08.
CVE-2025-2414 1 Akinsoft 1 Octocloud 2026-06-06 8.6 High
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass. This issue affects OctoCloud: from s1.09.03 before v1.11.01.
CVE-2026-21017 2 Samsung, Samsung Mobile 2 Android, Samsung Mobile Devices 2026-06-06 5.5 Medium
Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files.
CVE-2026-21029 1 Samsung 2 Android, Mobile Devices 2026-06-06 7.8 High
Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.
CVE-2025-2415 1 Akinsoft 1 Myrezzta 2026-06-06 8.6 High
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass. This issue affects MyRezzta: from s2.03.01 before v2.05.01.
CVE-2025-2416 1 Akinsoft 1 Limondesk 2026-06-06 8.6 High
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk allows Authentication Bypass. This issue affects LimonDesk: from s1.02.14 before v1.02.17.
CVE-2025-2417 1 Akinsoft 1 E-mutabakat 2026-06-06 8.6 High
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft e-Mutabakat allows Authentication Bypass. This issue affects e-Mutabakat: from 2.02.06 before v2.02.06.
CVE-2025-2421 1 Felisify 1 Sambabox 2026-06-06 9.8 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1.
CVE-2025-2488 1 Felisify 1 Sambabox 2026-06-06 6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting (XSS). This issue affects SambaBox: before 5.1.