Search
1,613 CVEs
CVEs (1,613, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 326–350 of 1,613 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-10583 | MEDIUM | 4.7 | 2026-06-02 | A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of… | |
| CVE-2026-41847 | MEDIUM | 4.8 | 2026-06-09 | Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48. | |
| CVE-2026-41838 | MEDIUM | 4.8 | 2026-06-09 | IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authoriza… | |
| CVE-2026-25558 | MEDIUM | 4.8 | 2026-06-08 | QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript… | |
| CVE-2026-9549 | MEDIUM | 4.8 | 2026-06-08 | Stored cross-site scripting in the service discovery active check output in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can c… | |
| CVE-2026-8078 | MEDIUM | 4.8 | 2026-06-08 | Stored cross-site scripting in the global settings change log in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can change globa… | |
| CVE-2026-21034 | NONE | — | 2026-06-05 | Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio c… | |
| CVE-2026-43924 | NONE | — | 2026-06-03 | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-confi… | |
| CVE-2026-42839 | NONE | — | 2026-06-03 | An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the item_name, description, or image fields of an Item and trigger … | |
| CVE-2026-36460 | MEDIUM | 4.8 | 2026-06-03 | Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store mali… | |
| CVE-2026-8978 | MEDIUM | 4.9 | 2026-06-06 | The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'order_by' parameter in all versions u… | |
| CVE-2026-9197 | MEDIUM | 4.9 | 2026-06-06 | The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it… | |
| CVE-2026-7565 | MEDIUM | 4.9 | 2026-06-06 | The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, and including, 4.1.4 via t… | |
| CVE-2026-6448 | MEDIUM | 4.9 | 2026-06-06 | The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions… | |
| CVE-2026-50224 | MEDIUM | Patched | 4.9 | 2026-06-04 | The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN. |
| CVE-2026-50219 | MEDIUM | Patched | 4.9 | 2026-06-04 | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in c… |
| CVE-2026-44917 | MEDIUM | Patched | 4.9 | 2026-06-04 | OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template. |
| CVE-2026-41412 | MEDIUM | 4.9 | 2026-06-02 | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects … | |
| CVE-2026-45684 | MEDIUM | Patched | 4.9 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishand… |
| CVE-2026-11505 | MEDIUM | 5.0 | 2026-06-08 | A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executi… | |
| CVE-2026-11500 | MEDIUM | 5.0 | 2026-06-08 | A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of… | |
| CVE-2026-11493 | MEDIUM | 5.0 | 2026-06-08 | A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/smb.conf of the component Samba. Executing a manip… | |
| CVE-2026-11455 | MEDIUM | 5.0 | 2026-06-07 | A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function check_cmd_exists of the file metagpt/utils/common.py. This ma… | |
| CVE-2026-11290 | MEDIUM | 5.0 | 2026-06-05 | Integer overflow in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to cause a denial of service via a malicious file. (Chromium securit… | |
| CVE-2026-11281 | MEDIUM | Patched | 5.0 | 2026-06-05 | Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory v… |