CVEs (6,905, showing first 500)
Showing 226–250 of 6,905 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-34093 | MEDIUM | Patched | 5.3 | 2026-05-11 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/S… |
| CVE-2026-34094 | LOW | Patched | 3.8 | 2026-05-11 | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * be… |
| CVE-2026-34095 | MEDIUM | Patched | 6.1 | 2026-05-11 | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/ActionEntryPoint.Php, includes/Request/FauxResponse.… |
| CVE-2026-36962 | HIGH | | 7.3 | 2026-05-11 | SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially… |
| CVE-2026-36983 | HIGH | | 7.3 | 2026-05-11 | D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub_42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads t… |
| CVE-2026-38566 | HIGH | | 8.1 | 2026-05-11 | HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete… |
| CVE-2026-38567 | CRITICAL | | 9.8 | 2026-05-11 | HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An… |
| CVE-2026-38568 | HIGH | | 8.1 | 2026-05-11 | HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/<id> and /interview/<id> endpoints. T… |
| CVE-2026-38569 | MEDIUM | | 5.4 | 2026-05-11 | HireFlow v1.2 is vulnerable to Cross Site Scripting (XSS) in candidate_detail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add. |
| CVE-2026-3048 | NONE | | — | 2026-05-11 | An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintend… |
| CVE-2026-3609 | HIGH | | 7.8 | 2026-05-11 | Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRP_MJ_REITS command interface, which allows any user process to reques… |
| CVE-2026-40612 | MEDIUM | Patched | 5.5 | 2026-05-11 | jq is a command-line JSON processor. In 1.8.1 and earlier, jv_contains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure (… |
| CVE-2026-41250 | MEDIUM | Patched | 5.7 | 2026-05-11 | Taiga is a project management platform for startups and agile developers. Prior to 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1. |
| CVE-2026-41256 | MEDIUM | Patched | 5.5 | 2026-05-11 | jq is a command-line JSON processor. In 1.8.1 and earlier, top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream… |
| CVE-2026-41257 | MEDIUM | Patched | 5.5 | 2026-05-11 | jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB (v… |
| CVE-2026-41431 | HIGH | Patched | 8.0 | 2026-05-11 | Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource (MAR) updater (org.mozilla.updater) that has had all MAR signature verifi… |
| CVE-2026-42312 | MEDIUM | Patched | 6.8 | 2026-05-11 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/… |
| CVE-2026-42313 | HIGH | Patched | 8.3 | 2026-05-11 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/… |
| CVE-2026-42314 | MEDIUM | Patched | 6.5 | 2026-05-11 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The … |
| CVE-2026-42315 | HIGH | Patched | 8.1 | 2026-05-11 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside … |
| CVE-2026-42316 | MEDIUM | Patched | 6.5 | 2026-05-11 | kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-con… |
| CVE-2026-42856 | NONE | Patched | — | 2026-05-11 | Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, or… |
| CVE-2026-42857 | MEDIUM | Patched | 4.6 | 2026-05-11 | Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer clean_thread_html_body() used for discussion notification emails fa… |
| CVE-2026-42858 | HIGH | Patched | 8.5 | 2026-05-11 | Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterp… |
| CVE-2026-42859 | NONE | Patched | — | 2026-05-11 | Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remo… |