Search
1,613 CVEs
CVEs (1,613, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 351–375 of 1,613 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-60477 | MEDIUM | Patched | 5.0 | 2026-06-03 | A NULL pointer dereference in the gf_filter_pid_resolve_file_template_ex function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to caus… |
| CVE-2026-47345 | NONE | — | 2026-06-08 | Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before… | |
| CVE-2026-11276 | MEDIUM | Patched | 5.1 | 2026-06-05 | Inappropriate implementation in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to bypass discretionary access control via mal… |
| CVE-2026-42840 | NONE | — | 2026-06-03 | An authenticated user can persist arbitrary HTML/JavaScript in the email_id or mobile_no fields of a Customer record and trigger unescaped rendering in the Point of Sale (P… | |
| CVE-2022-31114 | NONE | — | 2026-06-03 | backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Ver… | |
| CVE-2026-47324 | NONE | — | 2026-06-03 | ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting (XSS) in multiple attributes of students and teachers objects. An authorized attac… | |
| CVE-2026-45682 | MEDIUM | Patched | 5.1 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced … |
| CVE-2026-42795 | NONE | — | 2026-06-02 | Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection he… | |
| CVE-2026-34907 | NONE | — | 2026-06-02 | Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a… | |
| CVE-2026-8499 | MEDIUM | 5.3 | 2026-06-09 | The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to th… | |
| CVE-2026-41851 | MEDIUM | 5.3 | 2026-06-09 | Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack if the evaluation of a SpEL expr… | |
| CVE-2026-41853 | MEDIUM | 5.3 | 2026-06-09 | Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6… | |
| CVE-2026-11620 | MEDIUM | 5.3 | 2026-06-09 | A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation r… | |
| CVE-2026-11696 | MEDIUM | 5.3 | 2026-06-09 | Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sens… | |
| CVE-2026-11678 | MEDIUM | 5.3 | 2026-06-09 | Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive infor… | |
| CVE-2026-11669 | MEDIUM | 5.3 | 2026-06-09 | Out of bounds read in Media in Google Chrome on ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially se… | |
| CVE-2026-46486 | NONE | Patched | — | 2026-06-08 | MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a… |
| CVE-2026-11552 | MEDIUM | 5.3 | 2026-06-08 | A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affecte… | |
| CVE-2026-11515 | MEDIUM | 5.3 | 2026-06-08 | A vulnerability has been found in SourceCodester Barangay Resident Profiling and Information Management System 1.0. The impacted element is an unknown function of the file … | |
| CVE-2026-11497 | MEDIUM | 5.3 | 2026-06-08 | A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component … | |
| CVE-2026-11487 | MEDIUM | 5.3 | 2026-06-08 | A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a… | |
| CVE-2026-11458 | MEDIUM | 5.3 | 2026-06-07 | A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuat… | |
| CVE-2026-8839 | MEDIUM | 5.3 | 2026-06-06 | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is… | |
| CVE-2026-9016 | MEDIUM | 5.3 | 2026-06-06 | The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and inc… | |
| CVE-2026-8502 | MEDIUM | 5.3 | 2026-06-06 | The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and inc… |