153,552 CVEs · Medium severity
Showing 351–375 of 153,552 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-8463 | MEDIUM | Patched | 5.3 | 2026-05-13 | Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input. The auto-detect form of argon2_verify pa… |
| CVE-2026-8454 | MEDIUM | Patched | 5.3 | 2026-05-15 | Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocate… |
| CVE-2026-8425 | MEDIUM | | 4.3 | 2026-05-15 | The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce vali… |
| CVE-2026-8424 | MEDIUM | | 4.3 | 2026-05-20 | The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonc… |
| CVE-2026-8423 | MEDIUM | | 4.3 | 2026-05-20 | The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incor… |
| CVE-2026-8422 | MEDIUM | | 4.3 | 2026-06-02 | The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or i… |
| CVE-2026-8420 | MEDIUM | | 6.1 | 2026-05-20 | The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect… |
| CVE-2026-8419 | MEDIUM | | 4.3 | 2026-05-20 | The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce val… |
| CVE-2026-8418 | MEDIUM | | 4.3 | 2026-05-20 | The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce valida… |
| CVE-2026-8407 | MEDIUM | Patched | 4.3 | 2026-05-12 | Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions to obtain OTP secret keys and re… |
| CVE-2026-8405 | MEDIUM | | 6.5 | 2026-05-27 | IBM Guardium Data Protection 12.2.1 and 12.2.2's add-on feature of Guardium Data Protection named "Long Term Retention" (LTR) can expose sensitive credentials in debug mode. |
| CVE-2026-8391 | MEDIUM | Patched | 5.3 | 2026-05-12 | Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. |
| CVE-2026-8388 | MEDIUM | Patched | 6.5 | 2026-05-12 | Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderb… |
| CVE-2026-8382 | MEDIUM | | 5.3 | 2026-05-31 | The Advanced Custom Fields (ACF®) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not prop… |
| CVE-2026-8381 | MEDIUM | | 5.4 | 2026-05-22 | A broken access control vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior to version 9.2. Certain backend API endpoints do not correctly enforce authoriz… |
| CVE-2026-8368 | MEDIUM | Patched | 6.5 | 2026-05-12 | LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips o… |
| CVE-2026-8367 | MEDIUM | | 4.8 | 2026-05-13 | aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a differ… |
| CVE-2026-8349 | MEDIUM | | 4.3 | 2026-05-12 | A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to m… |
| CVE-2026-8346 | MEDIUM | | 6.3 | 2026-05-12 | A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results i… |
| CVE-2026-8345 | MEDIUM | | 6.3 | 2026-05-11 | A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward… |
| CVE-2026-8344 | MEDIUM | | 6.3 | 2026-05-11 | A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This man… |
| CVE-2026-8340 | MEDIUM | Patched | 4.3 | 2026-05-22 | Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. Victim with edit_file_contents permission is CSRF'd into publishing an attacker-chosen … |
| CVE-2026-8337 | MEDIUM | Patched | 5.3 | 2026-05-21 | Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are p… |
| CVE-2026-8327 | MEDIUM | Patched | 4.3 | 2026-05-21 | Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller passes the entire… |
| CVE-2026-8320 | MEDIUM | | 4.7 | 2026-05-11 | A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/s… |