CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 4 days ago•4 views

CVE-2025-15024

Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....

8.8CVSS5.6AI score0.00045EPSS

NVD•added 2026/05/14 6:16 p.m.•5 views

CVE-2025-15023

8.8CVSS0.00041EPSS

EUVD•added 2026/05/14 5:48 p.m.•5 views

EUVD-2025-209859

8.8CVSS5.8AI score0.00045EPSS

ATTACKERKB•added 2026/05/14 5:48 p.m.•2 views

CVE-2025-15024

8.8CVSS5.8AI score0.00045EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/14 5:48 p.m.•28 views

CVE-2025-15024 RCE in Yordam Informatics' Library Automation System

8.8CVSS0.00045EPSS

CVE•added 2026/05/14 5:36 p.m.•9 views

CVE-2025-15023

CVE-2025-15023 describes an Incorrect Authorization vulnerability in Library Automation System from Yordam Informatics, affecting versions from 19.5 up to (but not including) 22.1. The issue stems from incorrectly configured access control security levels, enabling unauthorized access due to insu...

ATTACKERKB•added 2026/05/14 5:36 p.m.•3 views

CVE-2025-15023

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/14 5:36 p.m.•6 views

CVE-2025-15023 Improper Access Control in Yordam Informatics' Library Automation System

Cvelist•added 2026/05/14 12:59 p.m.•33 views

CVE-2025-15025 IDOR in Yordam Informatics' Library Automation System

Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers. This issue affects Library Automation System: from v.21.6 befor...

8.8CVSS0.00015EPSS

CVE•added 2026/05/14 12:59 p.m.•10 views

CVE-2025-15025

CVE-2025-15025 : In the Library Automation System, versions prior to 22.1 (from 21.6) are affected by an authorization bypass via a User-Controlled key, leading to exploitation of trusted identifiers. The issue is described as an IDOR-style authorization bypass with high impact (confidentiality, ...

8.8CVSS5.8AI score0.00015EPSS

Vulnrichment•added 2026/05/14 12:59 p.m.•3 views

CVE-2025-15025 IDOR in Yordam Informatics' Library Automation System

8.8CVSS5.8AI score0.00015EPSS

Positive Technologies•added 2026/05/14 12:0 a.m.•8 views

PT-2026-41010

8.8CVSS5.8AI score0.00045EPSS

Positive Technologies•added 2026/05/14 12:0 a.m.•6 views

PT-2026-41009

Positive Technologies•added 2026/05/14 12:0 a.m.•8 views

PT-2026-40915

8.8CVSS5.8AI score0.00015EPSS

Cvelist•added 2026/03/10 11:7 a.m.•25 views

CVE-2026-3843 SQL Injection in Nefteprodukttekhnika BUK TS-G Allows Remote Code Execution

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability CWE-89 in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in...

9.8CVSS0.00187EPSS

ATTACKERKB•added 2026/03/10 11:7 a.m.•1 views

CVE-2026-3843

9.8CVSS6.4AI score0.00187EPSS

Exploits0References3Affected Software1

CNNVD•added 2026/03/09 12:0 a.m.•2 views

OA-System 安全漏洞

OA-System is an office automation system developed by Miazzy himself. There is a security vulnerability in OA-System, which stems from functions that come from sources outside the scope of trusted control...

9.8CVSS5.8AI score0.00062EPSS

Exploits0References3

RedhatCVE•added 2026/01/07 9:17 a.m.•22 views

CVE-2025-1301

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Yordam Informatics Library Automation System allows Reflected XSS. This issue affects Library Automation System: before 21.6...

6.1CVSS5.4AI score0.00167EPSS