Search
1,613 CVEs
CVEs (1,613, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 301–325 of 1,613 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-41978 | MEDIUM | 4.4 | 2026-06-09 | Permission control vulnerability in the clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |
| CVE-2026-11411 | MEDIUM | 4.4 | 2026-06-06 | A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipul… | |
| CVE-2026-9594 | MEDIUM | 4.4 | 2026-06-06 | The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'location… | |
| CVE-2026-8991 | MEDIUM | 4.4 | 2026-06-06 | The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'drag_n_drop_text' and 'drag_n_drop_browse_t… | |
| CVE-2026-2500 | MEDIUM | 4.4 | 2026-06-06 | The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the `qckply_data()` function passing t… | |
| CVE-2026-45702 | MEDIUM | Patched | 4.4 | 2026-06-03 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting i… |
| CVE-2026-7421 | MEDIUM | 4.4 | 2026-06-03 | The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the `get_shop_url()` metho… | |
| CVE-2026-3620 | MEDIUM | 4.4 | 2026-06-02 | The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This is due t… | |
| CVE-2026-10100 | MEDIUM | 4.4 | 2026-06-02 | The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields (Page Background, Form Background, Text Color, … | |
| CVE-2026-11623 | MEDIUM | 4.5 | 2026-06-09 | A security vulnerability has been detected in tmux up to 3.6a. Affected is the function image_free of the file image.c. Such manipulation leads to use after free. Local acc… | |
| CVE-2026-50590 | MEDIUM | Patched | 4.5 | 2026-06-05 | In Mimecast Incydr before 2.6.0, arbitrary file access can occur. |
| CVE-2026-10814 | MEDIUM | 4.5 | 2026-06-04 | A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the co… | |
| CVE-2026-36174 | MEDIUM | 4.6 | 2026-06-04 | GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-p… | |
| CVE-2026-36178 | MEDIUM | 4.6 | 2026-06-04 | The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to rec… | |
| CVE-2026-36180 | MEDIUM | 4.6 | 2026-06-04 | A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for t… | |
| CVE-2026-10718 | NONE | — | 2026-06-02 | Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range … | |
| CVE-2026-32685 | NONE | — | 2026-06-02 | Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory… | |
| CVE-2026-11621 | MEDIUM | 4.7 | 2026-06-09 | A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User S… | |
| CVE-2026-44757 | MEDIUM | 4.7 | 2026-06-09 | SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injecte… | |
| CVE-2026-11469 | MEDIUM | 4.7 | 2026-06-08 | A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfig… | |
| CVE-2026-11448 | MEDIUM | 4.7 | 2026-06-07 | A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This mani… | |
| CVE-2026-11249 | MEDIUM | Patched | 4.7 | 2026-06-05 | Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informa… |
| CVE-2026-11233 | MEDIUM | 4.7 | 2026-06-04 | Insufficient policy enforcement in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same or… | |
| CVE-2026-42329 | MEDIUM | 4.7 | 2026-06-04 | Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an atta… | |
| CVE-2026-45614 | MEDIUM | Patched | 4.7 | 2026-06-03 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to v… |