CVEs (1,557, showing first 500)
Showing 226–250 of 1,557 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-48104 | MEDIUM | Patched | 4.2 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely … |
| CVE-2026-48103 | MEDIUM | Patched | 4.3 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM (Windows Imaging) archive handl… |
| CVE-2026-48102 | LOW | Patched | 3.1 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File … |
| CVE-2026-48101 | MEDIUM | Patched | 6.5 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an uninitialized memory disclosure vulnerability in the UEFI capsule (.scap) … |
| CVE-2026-48095 | HIGH | Patched | 8.8 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS comp… |
| CVE-2026-48092 | MEDIUM | Patched | 4.3 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via SquashFS fragment offset integer overflow on 32-bit… |
| CVE-2026-48040 | CRITICAL | Patched | 9.1 | 2026-06-04 | The netty incubator codec.bhttp is a Java language binary HTTP parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriv… |
| CVE-2026-47707 | MEDIUM | Patched | 5.3 | 2026-06-04 | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through 0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multip… |
| CVE-2026-47706 | MEDIUM | Patched | 5.3 | 2026-06-04 | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an application-level DoS due… |
| CVE-2026-47655 | MEDIUM | | 6.5 | 2026-06-04 | Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network. |
| CVE-2026-47644 | MEDIUM | | 6.5 | 2026-06-04 | Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to discl… |
| CVE-2026-47430 | NONE | Patched | — | 2026-06-08 | The iOS implementation of `cordova-plugin-inappbrowser` passes the `id` field from a `WKScriptMessage` body to `commandDelegate sendPluginResult:callbackId:` wi… |
| CVE-2026-47345 | NONE | | — | 2026-06-08 | Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before… |
| CVE-2026-47344 | NONE | | — | 2026-06-08 | When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sanitizer but accepted by browsers as valid end tags, … |
| CVE-2026-47325 | NONE | | — | 2026-06-03 | ProjectsAndPrograms school-management-system uses predictable credentials by generating students' and teachers' passwords solely from the user’s date of birth (e.g., 120720… |
| CVE-2026-47324 | NONE | | — | 2026-06-03 | ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting (XSS) in multiple attributes of student and teacher objects. An authorized attac… |
| CVE-2026-47320 | MEDIUM | | 6.1 | 2026-06-04 | Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This … |
| CVE-2026-47319 | MEDIUM | Patched | 6.1 | 2026-06-04 | Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation. This issue affects rlottie: before 0b4e308fa88c72cbb6… |
| CVE-2026-47318 | MEDIUM | | 6.1 | 2026-06-04 | Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035. |
| CVE-2026-47306 | MEDIUM | | 6.1 | 2026-06-04 | Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b… |
| CVE-2026-47265 | HIGH | Patched | 7.5 | 2026-06-02 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter on requests are sent after… |
| CVE-2026-47201 | HIGH | Patched | 8.5 | 2026-06-02 | authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrap… |
| CVE-2026-47117 | CRITICAL | Patched | 9.8 | 2026-06-02 | OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matchin… |
| CVE-2026-47065 | CRITICAL | | 9.8 | 2026-06-03 | ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains … |
| CVE-2026-46741 | HIGH | Patched | 7.5 | 2026-06-04 | Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from … |