Search
153,552 CVEs · Medium severity
CVEs (153,552, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 276–300 of 153,552 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-8735 | MEDIUM | 6.3 | 2026-05-17 | A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuer… | |
| CVE-2026-8733 | MEDIUM | 6.3 | 2026-05-17 | A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub_3B4610 of the file SlimPDFReader.exe. The manipulat… | |
| CVE-2026-8731 | MEDIUM | Patched | 4.3 | 2026-05-17 | A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF. The manipulation o… |
| CVE-2026-8730 | MEDIUM | Patched | 4.3 | 2026-05-17 | A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs_sbi_nf_instance_set_id in the library /lib/sbi/context.c of the component NRF. Executing a manip… |
| CVE-2026-8729 | MEDIUM | Patched | 4.3 | 2026-05-17 | A vulnerability was detected in Open5GS up to 2.7.7. This affects an unknown function in the library /lib/sbi/message.c of the component NRF. Performing a manipulation of t… |
| CVE-2026-8728 | MEDIUM | Patched | 4.3 | 2026-05-17 | A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_discovery_option_parse_plmn_list in the library /lib/sbi/con… |
| CVE-2026-8724 | MEDIUM | 4.7 | 2026-05-17 | A security flaw has been discovered in Dataease 2.10.20. Impacted is the function SqlparserUtils.transFilter of the file SqlparserUtils.java of the component Data Dashboard… | |
| CVE-2026-8723 | MEDIUM | Patched | 5.3 | 2026-05-17 | ### Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The thro… |
| CVE-2026-8722 | MEDIUM | Patched | 6.5 | 2026-06-04 | Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from … |
| CVE-2026-8716 | MEDIUM | Patched | 4.3 | 2026-05-27 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions c… |
| CVE-2026-8708 | MEDIUM | 4.3 | 2026-05-27 | The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce… | |
| CVE-2026-8707 | MEDIUM | 6.1 | 2026-05-27 | The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF in all versions up to, and including, 1.2.4 due to insufficient … | |
| CVE-2026-8706 | MEDIUM | Patched | 6.5 | 2026-05-19 | Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the respons… |
| CVE-2026-8704 | MEDIUM | 6.5 | 2026-05-15 | Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified. | |
| CVE-2026-8703 | MEDIUM | 6.4 | 2026-05-27 | The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.0.0 due to insufficien… | |
| CVE-2026-8702 | MEDIUM | 6.4 | 2026-05-27 | The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the 'div' attribute of the 'gbitoprint' shortcode. This is due to insu… | |
| CVE-2026-8701 | MEDIUM | 6.4 | 2026-05-27 | The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the `title-ticker-slide`, `title-ticker-fade`, and `title-ti… | |
| CVE-2026-8698 | MEDIUM | 6.4 | 2026-05-27 | The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0. This is due to insufficient output escaping in… | |
| CVE-2026-8692 | MEDIUM | 4.3 | 2026-05-22 | The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and inc… | |
| CVE-2026-8689 | MEDIUM | 4.3 | 2026-05-28 | The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is d… | |
| CVE-2026-8685 | MEDIUM | 6.5 | 2026-05-20 | The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due … | |
| CVE-2026-8684 | MEDIUM | 5.3 | 2026-05-22 | The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly v… | |
| CVE-2026-8682 | MEDIUM | 4.3 | 2026-05-28 | The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1.… | |
| CVE-2026-8681 | MEDIUM | 5.3 | 2026-05-16 | The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly ve… | |
| CVE-2026-8673 | MEDIUM | Patched | 5.9 | 2026-05-22 | Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0. |