127,912 CVEs · High severity
CVEs (127,912, showing first 500)
Showing 326–350 of 127,912 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2025-59874 | HIGH | | 8.1 | 2026-06-04 | HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential di… |
| CVE-2025-46638 | HIGH | | 7.5 | 2026-06-04 | Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerabi… |
| CVE-2019-25745 | HIGH | | 8.2 | 2026-06-04 | WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by in… |
| CVE-2019-25737 | HIGH | | 7.2 | 2026-06-04 | Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input fiel… |
| CVE-2019-25736 | HIGH | | 8.4 | 2026-06-04 | LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP f… |
| CVE-2019-25735 | HIGH | | 8.4 | 2026-06-04 | AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an exces… |
| CVE-2019-25733 | HIGH | | 8.4 | 2026-06-04 | NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious i… |
| CVE-2019-25732 | HIGH | | 8.2 | 2026-06-04 | PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the … |
| CVE-2019-25731 | HIGH | | 7.2 | 2026-06-04 | Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact fo… |
| CVE-2019-25730 | HIGH | | 8.2 | 2026-06-04 | Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id… |
| CVE-2019-25728 | HIGH | | 8.2 | 2026-06-04 | Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie param… |
| CVE-2019-25726 | HIGH | | 8.2 | 2026-06-04 | All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code t… |
| CVE-2026-10843 | HIGH | | 7.2 | 2026-06-04 | A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive act… |
| CVE-2025-52612 | HIGH | | 7.1 | 2026-06-04 | HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficien… |
| CVE-2026-49771 | HIGH | | 7.6 | 2026-06-04 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue a… |
| CVE-2026-50213 | HIGH | Patched | 7.5 | 2026-06-04 | The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings. |
| CVE-2026-50210 | HIGH | Patched | 7.5 | 2026-06-04 | The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption. |
| CVE-2026-50209 | HIGH | Patched | 7.8 | 2026-06-04 | Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external … |
| CVE-2026-50207 | HIGH | Patched | 7.8 | 2026-06-04 | The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity. |
| CVE-2026-3820 | HIGH | | 7.2 | 2026-06-04 | There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted char… |
| CVE-2026-50205 | HIGH | Patched | 8.2 | 2026-06-04 | System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data. |
| CVE-2026-49203 | HIGH | Patched | 8.3 | 2026-06-04 | Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted. |
| CVE-2026-49202 | HIGH | Patched | 8.6 | 2026-06-04 | Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft. |
| CVE-2026-49194 | HIGH | Patched | 8.8 | 2026-06-04 | The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface. |
| CVE-2026-49193 | HIGH | Patched | 7.5 | 2026-06-04 | Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet. |