153,552 CVEs · Medium severity
Showing 301–325 of 153,552 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-8672 | MEDIUM | Patched | 5.1 | 2026-05-22 | Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: be… |
| CVE-2026-8669 | MEDIUM | | 6.5 | 2026-05-15 | Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single … |
| CVE-2026-8656 | MEDIUM | Patched | 6.1 | 2026-05-16 | Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and … |
| CVE-2026-8653 | MEDIUM | | 6.5 | 2026-06-04 | The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to ins… |
| CVE-2026-8647 | MEDIUM | | 4.8 | 2026-05-26 | Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The random_bytes function fell back to using the bu… |
| CVE-2026-8643 | MEDIUM | Patched | 5.5 | 2026-06-01 | pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry… |
| CVE-2026-8627 | MEDIUM | | 6.1 | 2026-05-20 | The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in versions up to and including 1.0. This is d… |
| CVE-2026-8626 | MEDIUM | | 6.1 | 2026-05-20 | The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.5.2 due to insufficient in… |
| CVE-2026-8624 | MEDIUM | | 6.1 | 2026-05-20 | The LJ comments import: reloaded plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.97.1 du… |
| CVE-2026-8612 | MEDIUM | Patched | 5.3 | 2026-05-15 | WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code executi… |
| CVE-2026-8611 | MEDIUM | | 4.3 | 2026-06-06 | The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoice_id' par… |
| CVE-2026-8610 | MEDIUM | | 4.3 | 2026-05-20 | The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.4. This is due to the plugin not pro… |
| CVE-2026-8608 | MEDIUM | | 5.3 | 2026-06-06 | The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and i… |
| CVE-2026-8606 | MEDIUM | Patched | 5.9 | 2026-05-27 | A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to interna… |
| CVE-2026-8594 | MEDIUM | | 6.2 | 2026-05-30 | Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific … |
| CVE-2026-8586 | MEDIUM | Patched | 5.5 | 2026-05-14 | Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (C… |
| CVE-2026-8584 | MEDIUM | | 4.2 | 2026-05-14 | Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoof… |
| CVE-2026-8583 | MEDIUM | Patched | 5.3 | 2026-05-14 | Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain po… |
| CVE-2026-8582 | MEDIUM | Patched | 5.3 | 2026-05-14 | Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a craf… |
| CVE-2026-8576 | MEDIUM | Patched | 4.3 | 2026-05-14 | Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML p… |
| CVE-2026-8570 | MEDIUM | Patched | 6.5 | 2026-05-14 | Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML p… |
| CVE-2026-8567 | MEDIUM | Patched | 4.3 | 2026-05-14 | Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (C… |
| CVE-2026-8566 | MEDIUM | Patched | 4.3 | 2026-05-14 | Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a craft… |
| CVE-2026-8565 | MEDIUM | Patched | 4.7 | 2026-05-14 | Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perfo… |
| CVE-2026-8564 | MEDIUM | Patched | 4.2 | 2026-05-14 | Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Ch… |