Search
1,557 CVEs
CVEs (1,557, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 251–275 of 1,557 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-11126 | MEDIUM | Patched | 4.3 | 2026-06-04 | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-ori… |
| CVE-2026-11107 | MEDIUM | Patched | 4.3 | 2026-06-04 | Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium securi… |
| CVE-2026-11062 | MEDIUM | Patched | 4.3 | 2026-06-04 | Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject sc… |
| CVE-2026-11031 | MEDIUM | Patched | 4.3 | 2026-06-04 | Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious networ… |
| CVE-2026-42540 | MEDIUM | 4.3 | 2026-06-04 | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in … | |
| CVE-2026-42543 | MEDIUM | 4.3 | 2026-06-04 | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site r… | |
| CVE-2026-10864 | MEDIUM | Patched | 4.3 | 2026-06-04 | A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and Ne… |
| CVE-2026-10810 | MEDIUM | 4.3 | 2026-06-04 | A weakness has been identified in itsourcecode Fees Management System up to 1.0. Affected is an unknown function of the file /navbar.php. This manipulation of the argument … | |
| CVE-2026-10854 | MEDIUM | Patched | 4.3 | 2026-06-04 | A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event templ… |
| CVE-2026-10855 | MEDIUM | Patched | 4.3 | 2026-06-04 | An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a … |
| CVE-2026-10802 | MEDIUM | 4.3 | 2026-06-04 | A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.t… | |
| CVE-2025-52606 | MEDIUM | 4.3 | 2026-06-04 | HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is … | |
| CVE-2026-36618 | MEDIUM | 4.3 | 2026-06-03 | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version (unbound 1.22.0), aiding t… | |
| CVE-2026-36613 | MEDIUM | 4.3 | 2026-06-03 | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, e… | |
| CVE-2026-36615 | MEDIUM | 4.3 | 2026-06-03 | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attacke… | |
| CVE-2026-36602 | MEDIUM | 4.3 | 2026-06-03 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 discloses kernel memory layout via the UPnP GetStatusInfo action. An unauthenticated attacker on the adjacen… | |
| CVE-2024-47273 | MEDIUM | Patched | 4.3 | 2026-06-03 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allo… |
| CVE-2026-9732 | MEDIUM | 4.3 | 2026-06-03 | The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This … | |
| CVE-2026-10692 | MEDIUM | 4.3 | 2026-06-03 | A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_code_advanced. Executing … | |
| CVE-2026-10691 | MEDIUM | 4.3 | 2026-06-03 | A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component st… | |
| CVE-2026-10661 | MEDIUM | 4.3 | 2026-06-02 | A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blender_mcp/server.py. … | |
| CVE-2026-10624 | MEDIUM | 4.3 | 2026-06-02 | A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of th… | |
| CVE-2026-10702 | MEDIUM | Patched | 4.3 | 2026-06-02 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3. |
| CVE-2026-10616 | MEDIUM | 4.3 | 2026-06-02 | A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/team_t… | |
| CVE-2026-32250 | MEDIUM | 4.3 | 2026-06-02 | NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in version 2.2.4 in the id parameter of the endpoi… |