CVEs (19,079, showing first 500)
Showing 276–300 of 19,079 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-44651 | NONE | Patched | — | 2026-05-29 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voi… |
| CVE-2026-45668 | NONE | Patched | — | 2026-05-29 | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive import… |
| CVE-2026-45577 | NONE | Patched | — | 2026-05-29 | Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app rece… |
| CVE-2026-43917 | NONE | | — | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NO… |
| CVE-2026-9194 | NONE | | — | 2026-05-29 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have be… |
| CVE-2026-33384 | NONE | Patched | — | 2026-05-29 | QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an att… |
| CVE-2026-33386 | NONE | Patched | — | 2026-05-29 | QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle (MITM) … |
| CVE-2026-9509 | NONE | | — | 2026-05-29 | An unhandled exception in Suprema BioStar 2 (Server), versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to cause a denial of service (DoS) … |
| CVE-2026-45611 | NONE | | — | 2026-05-29 | Rejected reason: Further research determined the issue is not a vulnerability. |
| CVE-2026-8326 | NONE | | — | 2026-05-29 | Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to R… |
| CVE-2026-9508 | NONE | | — | 2026-05-29 | Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through 2.9.11) that allow backup files to be publicly exposed when the administra… |
| CVE-2026-45043 | NONE | Patched | — | 2026-05-29 | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with I… |
| CVE-2026-45551 | NONE | Patched | — | 2026-05-29 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persis… |
| CVE-2026-7480 | NONE | | — | 2026-05-29 | An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbi… |
| CVE-2026-8070 | NONE | | — | 2026-05-29 | Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and… |
| CVE-2026-49299 | NONE | Patched | — | 2026-05-28 | In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular na… |
| CVE-2026-45342 | NONE | Patched | — | 2026-05-28 | LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy la… |
| CVE-2026-45343 | NONE | Patched | — | 2026-05-28 | LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to … |
| CVE-2026-44657 | NONE | Patched | — | 2026-05-28 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, using show_inline=1 parameter and a valid file_show_inline_token CSRF token on file_download… |
| CVE-2026-42071 | NONE | Patched | — | 2026-05-28 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authen… |
| CVE-2026-44655 | NONE | Patched | — | 2026-05-28 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it (which typically requires man… |
| CVE-2026-41897 | NONE | Patched | — | 2026-05-28 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filter_target parameter on return_dynamic_filters.php (normally u… |
| CVE-2026-42070 | NONE | Patched | — | 2026-05-28 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (… |
| CVE-2026-9037 | NONE | | — | 2026-05-28 | A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface.… |
| CVE-2026-9038 | NONE | | — | 2026-05-28 | A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply… |