CVEs (6,905, showing first 500)
Showing 301–325 of 6,905 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-2614 | HIGH | Patched | 7.5 | 2026-05-11 | A vulnerability in the `_create_model_version()` handler of `mlflow/server/handlers.py` in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacke… |
| CVE-2026-36734 | HIGH | | 8.8 | 2026-05-11 | EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functio… |
| CVE-2026-42050 | MEDIUM | Patched | 5.5 | 2026-05-11 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overf… |
| CVE-2026-42565 | MEDIUM | Patched | 4.3 | 2026-05-11 | @workos/authkit-session is a toolkit for building WorkOS AuthKit framework integrations. Prior to 0.5.1, an open redirect vulnerability exists in AuthService.handleCallback… |
| CVE-2026-42869 | CRITICAL | Patched | 10.0 | 2026-05-11 | SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing s… |
| CVE-2026-42870 | NONE | Patched | — | 2026-05-11 | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionar… |
| CVE-2026-42872 | MEDIUM | Patched | 6.1 | 2026-05-11 | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting (XSS) vulnerability exists in lista_arquivos_etapa.php due … |
| CVE-2026-42873 | NONE | Patched | 0.0 | 2026-05-11 | WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependente_upload… |
| CVE-2026-42874 | LOW | Patched | 3.7 | 2026-05-11 | Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.set_cookie() method does not sanitize its string arguments, and in particular will not detect … |
| CVE-2026-42875 | NONE | Patched | — | 2026-05-11 | External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore re… |
| CVE-2026-42876 | MEDIUM | Patched | 4.9 | 2026-05-11 | External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permi… |
| CVE-2026-42882 | CRITICAL | Patched | 9.4 | 2026-05-11 | oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the … |
| CVE-2026-42883 | MEDIUM | Patched | 6.5 | 2026-05-11 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to… |
| CVE-2026-42884 | MEDIUM | Patched | 4.3 | 2026-05-11 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all l… |
| CVE-2026-42885 | MEDIUM | Patched | 4.3 | 2026-05-11 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith() to validate that a reso… |
| CVE-2026-42886 | MEDIUM | Patched | 4.9 | 2026-05-11 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiob… |
| CVE-2026-42887 | MEDIUM | Patched | 4.5 | 2026-05-11 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting (XSS) vulnerability exists in the Login Page due to improper sa… |
| CVE-2026-45025 | MEDIUM | Patched | 6.8 | 2026-05-11 | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject mal… |
| CVE-2026-45026 | MEDIUM | Patched | 6.8 | 2026-05-11 | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject mal… |
| CVE-2026-6146 | MEDIUM | | 5.3 | 2026-05-11 | Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys. Amazon::Credentials stores credentials in an obfuscated form to prevent access t… |
| CVE-2026-8319 | MEDIUM | | 5.3 | 2026-05-11 | A weakness has been identified in aiwaves-cn agents up to e8c4e3c2d19739d3dff59e577d1c97090cc15f59. Affected by this issue is the function recall_relevant_memories_to_worki… |
| CVE-2026-8320 | MEDIUM | | 4.7 | 2026-05-11 | A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/s… |
| CVE-2026-8321 | HIGH | | 7.3 | 2026-05-11 | A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the comp… |
| CVE-2026-20696 | MEDIUM | Patched | 5.5 | 2026-05-11 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data. |
| CVE-2026-28819 | MEDIUM | Patched | 5.4 | 2026-05-11 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, ma… |