Common Vulnerabilities and Exposures (CVE)
CVE-2025-8308
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Through HTTP Headers. This issue affects INF...
CVE-2025-8350
Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting. This issue affects BiEticaret CMS: fr...
CVE-2025-8411
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers. This issue affects E-Commerce Web Design Produ...
CVE-2026-11251
Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. (Chromium securit...
CVE-2025-8456
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kod8 Software Technologies Trade Ltd. Co. Kod8 Individual and SME Website allows Reflected XSS. This issue affects Kod8 Individual...
CVE-2025-8461
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Seres Software syWEB allows Reflected XSS. This issue affects syWEB: through 03022026. NOTE: The vendor was contacted early abou...
CVE-2025-8463
Authorization Bypass Through User-Controlled Key vulnerability in SecHard Information Technologies SecHard allows Forceful Browsing. This issue affects SecHard: before 3.6.2-20250805.
CVE-2025-8532
Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing. This issue affects eBA Document and Workflo...
CVE-2026-11346
A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, a...
CVE-2025-8587
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection. This issue affects SKSPro: through 07012026.
CVE-2026-11345
An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query...
CVE-2025-8589
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Reflected XSS. This issue affects SKSPro: through 07012026.
CVE-2025-8590
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing. This issue affects SKSPro: through 07012026.
CVE-2025-8664
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saysis Computer Systems Trade Ltd. Co. StarCities E-Municipality Management allows Cross-Site Scripting (XSS). This issue affects ...
CVE-2022-4992
Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling vulnerability that allows remote attackers to inject spo...