Search
19,079 CVEs
CVEs (19,079, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 251–275 of 19,079 (capped at 500)
| CVE ID | Severity ↑ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-34907 | NONE | — | 2026-06-02 | Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a… | |
| CVE-2026-34906 | NONE | — | 2026-06-02 | Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and par… | |
| CVE-2026-10549 | NONE | — | 2026-06-02 | LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting i… | |
| CVE-2026-49139 | NONE | — | 2026-06-01 | Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Fr… | |
| CVE-2021-46747 | NONE | — | 2026-06-01 | Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Managem… | |
| CVE-2026-45727 | NONE | Patched | — | 2026-06-01 | CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as… |
| CVE-2024-52011 | NONE | Patched | — | 2026-06-01 | launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in th… |
| CVE-2026-45701 | NONE | Patched | — | 2026-06-01 | Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset tokenand API key generation uses… |
| CVE-2026-8931 | NONE | — | 2026-06-01 | A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3. | |
| CVE-2026-42251 | NONE | — | 2026-06-01 | Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these crede… | |
| CVE-2026-0826 | NONE | — | 2026-06-01 | In certain scenarios when the admin has enabled Interactive Connectivity Establishment (ICE), a buffer overflow could enable remote code execution on Poly Vo… | |
| CVE-2026-10532 | NONE | — | 2026-06-01 | Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection, albeit heavi… | |
| CVE-2026-40543 | NONE | — | 2026-06-01 | SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives c… | |
| CVE-2026-40544 | NONE | — | 2026-06-01 | SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) via /process/upload_backup endpoint. An authenticated attacker with access to the backup functionality can upl… | |
| CVE-2026-40545 | NONE | — | 2026-06-01 | SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary J… | |
| CVE-2026-40546 | NONE | — | 2026-06-01 | SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full… | |
| CVE-2026-40547 | NONE | — | 2026-06-01 | SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow re… | |
| CVE-2026-40548 | NONE | — | 2026-06-01 | SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitima… | |
| CVE-2026-40549 | NONE | — | 2026-06-01 | SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in groupe_save create, modify and delete endpoints. An attacker can craft a malicious website that, when visit… | |
| CVE-2026-4387 | NONE | Patched | — | 2026-05-29 | StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key … |
| CVE-2026-47266 | NONE | Patched | — | 2026-05-29 | Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submissio… |
| CVE-2026-46384 | NONE | Patched | — | 2026-05-29 | iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to… |
| CVE-2026-46385 | NONE | Patched | — | 2026-05-29 | iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlyi… |
| CVE-2026-45151 | NONE | — | 2026-05-29 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quic_stream_recv can dereference a null substream pointer when a substream is i… | |
| CVE-2026-44652 | NONE | Patched | — | 2026-05-29 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voi… |