Search
59,312 CVEs
CVEs (59,312, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 226–250 of 59,312 (capped at 500)
| CVE ID | Severity ↑ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-50052 | NONE | Patched | — | 2026-06-03 | In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack (request smugg… |
| CVE-2026-40108 | NONE | Patched | — | 2026-06-02 | GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed… |
| CVE-2026-10718 | NONE | — | 2026-06-02 | Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range … | |
| CVE-2026-10719 | NONE | — | 2026-06-02 | Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 extra byte outside of alloca… | |
| CVE-2026-10717 | NONE | — | 2026-06-02 | Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of… | |
| CVE-2026-8936 | NONE | Patched | — | 2026-06-02 | Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered … |
| CVE-2026-42029 | NONE | — | 2026-06-02 | Rejected reason: This CVE is a duplicate of another CVE. | |
| CVE-2026-5385 | NONE | Patched | — | 2026-06-02 | An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7. |
| CVE-2026-48594 | NONE | Patched | — | 2026-06-02 | Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodi… |
| CVE-2026-48595 | NONE | Patched | — | 2026-06-02 | Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.Fol… |
| CVE-2026-48596 | NONE | Patched | — | 2026-06-02 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Mul… |
| CVE-2026-48597 | NONE | Patched | — | 2026-06-02 | Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Ad… |
| CVE-2026-48598 | NONE | Patched | — | 2026-06-02 | Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesl… |
| CVE-2026-35202 | NONE | — | 2026-06-02 | Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned … | |
| CVE-2026-40571 | NONE | — | 2026-06-02 | NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does … | |
| CVE-2026-35443 | NONE | — | 2026-06-02 | NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/classes/ForumPostReactionContext.php` only verifies that the caller can view the foru… | |
| CVE-2026-35447 | NONE | Patched | — | 2026-06-02 | NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before… |
| CVE-2026-40314 | NONE | — | 2026-06-02 | NamelessMC is website software for Minecraft servers. In version 2.2.4,`core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does n… | |
| CVE-2026-48861 | NONE | Patched | — | 2026-06-02 | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/… |
| CVE-2026-48862 | NONE | Patched | — | 2026-06-02 | Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSH… |
| CVE-2026-49753 | NONE | Patched | — | 2026-06-02 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronis… |
| CVE-2026-49754 | NONE | Patched | — | 2026-06-02 | Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client (HTTP/2 … |
| CVE-2026-45080 | NONE | Patched | — | 2026-06-02 | Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue… |
| CVE-2026-33398 | NONE | — | 2026-06-02 | NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/pages/forum/get_quotes.php` only checks whether the caller is logged in, then reads a… | |
| CVE-2026-9844 | NONE | Patched | — | 2026-06-02 | Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology (RabbitMQ Management interface modules) allows Default Usernames and Passwords. This … |