Search
1,613 CVEs
CVEs (1,613, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 276–300 of 1,613 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-36613 | MEDIUM | 4.3 | 2026-06-03 | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, e… | |
| CVE-2026-36615 | MEDIUM | 4.3 | 2026-06-03 | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attacke… | |
| CVE-2026-36602 | MEDIUM | 4.3 | 2026-06-03 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 discloses kernel memory layout via the UPnP GetStatusInfo action. An unauthenticated attacker on the adjacen… | |
| CVE-2024-47273 | MEDIUM | Patched | 4.3 | 2026-06-03 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allo… |
| CVE-2026-9732 | MEDIUM | 4.3 | 2026-06-03 | The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This … | |
| CVE-2026-10692 | MEDIUM | 4.3 | 2026-06-03 | A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_code_advanced. Executing … | |
| CVE-2026-10691 | MEDIUM | 4.3 | 2026-06-03 | A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component st… | |
| CVE-2026-10661 | MEDIUM | 4.3 | 2026-06-02 | A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blender_mcp/server.py. … | |
| CVE-2026-10624 | MEDIUM | 4.3 | 2026-06-02 | A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of th… | |
| CVE-2026-10702 | MEDIUM | Patched | 4.3 | 2026-06-02 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3. |
| CVE-2026-10616 | MEDIUM | 4.3 | 2026-06-02 | A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/team_t… | |
| CVE-2026-32250 | MEDIUM | 4.3 | 2026-06-02 | NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in version 2.2.4 in the id parameter of the endpoi… | |
| CVE-2019-25717 | MEDIUM | 4.3 | 2026-06-02 | Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log file… | |
| CVE-2026-41115 | MEDIUM | Patched | 4.3 | 2026-06-02 | An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates the DESCRIBE operation on… |
| CVE-2025-53346 | MEDIUM | 4.3 | 2026-06-02 | Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a … | |
| CVE-2026-9234 | MEDIUM | 4.3 | 2026-06-02 | The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability che… | |
| CVE-2026-9599 | MEDIUM | 4.3 | 2026-06-02 | The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce vali… | |
| CVE-2026-9722 | MEDIUM | 4.3 | 2026-06-02 | The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce valid… | |
| CVE-2026-9723 | MEDIUM | 4.3 | 2026-06-02 | The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect… | |
| CVE-2026-9730 | MEDIUM | 4.3 | 2026-06-02 | The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or inco… | |
| CVE-2026-4071 | MEDIUM | 4.3 | 2026-06-02 | The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the bi… | |
| CVE-2026-8422 | MEDIUM | 4.3 | 2026-06-02 | The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or i… | |
| CVE-2026-9050 | MEDIUM | 4.3 | 2026-06-02 | The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not prope… | |
| CVE-2026-9048 | MEDIUM | 4.3 | 2026-06-02 | The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it … | |
| CVE-2026-10301 | MEDIUM | 4.3 | 2026-06-02 | A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the… |