CVEs (59,312, showing first 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-43965 | NONE | | — | 2026-06-02 | Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read fro… |
| CVE-2026-42795 | NONE | | — | 2026-06-02 | Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection he… |
| CVE-2026-32685 | NONE | | — | 2026-06-02 | Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory… |
| CVE-2026-10611 | NONE | | — | 2026-06-02 | An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true… |
| CVE-2026-34907 | NONE | | — | 2026-06-02 | Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a… |
| CVE-2026-34906 | NONE | | — | 2026-06-02 | Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and par… |
| CVE-2026-10549 | NONE | | — | 2026-06-02 | LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting i… |
| CVE-2026-49139 | NONE | | — | 2026-06-01 | Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Fr… |
| CVE-2021-46747 | NONE | | — | 2026-06-01 | Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Managem… |
| CVE-2026-45727 | NONE | Patched | — | 2026-06-01 | CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as… |
| CVE-2024-52011 | NONE | Patched | — | 2026-06-01 | launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in th… |
| CVE-2026-45701 | NONE | Patched | — | 2026-06-01 | Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset token and API key generation uses… |
| CVE-2026-8931 | NONE | | — | 2026-06-01 | A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3. |
| CVE-2026-42251 | NONE | | — | 2026-06-01 | Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these crede… |
| CVE-2026-0826 | NONE | | — | 2026-06-01 | In certain scenarios when the admin has enabled Interactive Connectivity Establishment (ICE), a buffer overflow could enable remote code execution on Poly Vo… |
| CVE-2026-10532 | NONE | | — | 2026-06-01 | Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection, albeit heavi… |
| CVE-2026-40543 | NONE | | — | 2026-06-01 | SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives c… |
| CVE-2026-40544 | NONE | | — | 2026-06-01 | SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) via /process/upload_backup endpoint. An authenticated attacker with access to the backup functionality can upl… |
| CVE-2026-40545 | NONE | | — | 2026-06-01 | SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary J… |
| CVE-2026-40546 | NONE | | — | 2026-06-01 | SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full… |
| CVE-2026-40547 | NONE | | — | 2026-06-01 | SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow re… |
| CVE-2026-40548 | NONE | | — | 2026-06-01 | SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitima… |
| CVE-2026-40549 | NONE | | — | 2026-06-01 | SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in groupe_save create, modify and delete endpoints. An attacker can craft a malicious website that, when visit… |
| CVE-2026-4387 | NONE | Patched | — | 2026-05-29 | StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key … |
| CVE-2026-47266 | NONE | Patched | — | 2026-05-29 | Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submissio… |