CVEs (1,557, showing first 500)
Showing 276–300 of 1,557 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-44546 | LOW | Patched | 3.7 | 2026-06-03 | daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, … |
| CVE-2026-47324 | NONE | | — | 2026-06-03 | ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting (XSS) in multiple attributes of students and teachers objects. An authorized attac… |
| CVE-2026-47325 | NONE | | — | 2026-06-03 | ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth (e.g., 120720… |
| CVE-2026-48587 | LOW | Patched | 3.1 | 2026-06-03 | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace fro… |
| CVE-2026-5241 | CRITICAL | | 9.6 | 2026-06-03 | A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code durin… |
| CVE-2026-6873 | LOW | Patched | 3.1 | 2026-06-03 | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http.HttpRequest.get_signed_cookie` in Django uses a non-injective salt derivation (concat… |
| CVE-2026-7666 | LOW | Patched | 3.1 | 2026-06-03 | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-init… |
| CVE-2026-8404 | LOW | Patched | 3.1 | 2026-06-03 | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Control` response … |
| CVE-2022-31114 | NONE | | — | 2026-06-03 | backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Ver… |
| CVE-2026-36574 | HIGH | | 7.8 | 2026-06-03 | A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL. |
| CVE-2026-36576 | CRITICAL | | 9.8 | 2026-06-03 | An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a c… |
| CVE-2026-36748 | CRITICAL | | 9.0 | 2026-06-03 | RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile. |
| CVE-2026-37462 | HIGH | | 7.5 | 2026-06-03 | An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP… |
| CVE-2026-3276 | NONE | | — | 2026-06-03 | unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical … |
| CVE-2026-42317 | NONE | Patched | — | 2026-06-03 | GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the… |
| CVE-2026-42318 | NONE | Patched | — | 2026-06-03 | GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can… |
| CVE-2026-42320 | NONE | Patched | — | 2026-06-03 | GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the… |
| CVE-2026-42321 | NONE | Patched | — | 2026-06-03 | GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked … |
| CVE-2026-44281 | NONE | Patched | — | 2026-06-03 | GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permissio… |
| CVE-2026-6657 | MEDIUM | | 6.1 | 2026-06-03 | A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the `allow_origin_pat` configuration is used. The … |
| CVE-2019-25720 | MEDIUM | | 6.5 | 2026-06-03 | Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthentic… |
| CVE-2025-71313 | NONE | | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for alloc_workqueue() alloc_workqueue() can return NULL on memor… |
| CVE-2025-71314 | NONE | | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthor_gpu_flush_caches() failures We have seen a few cases where the whole… |
| CVE-2026-20175 | MEDIUM | | 6.1 | 2026-06-03 | A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected de… |
| CVE-2026-20230 | HIGH | | 8.6 | 2026-06-03 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an una… |