CVEs (1,557, showing first 500)
Showing 351–375 of 1,557 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-41237 | NONE | | — | 2026-06-04 | Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowing embedded newlines to p… |
| CVE-2026-49202 | HIGH | Patched | 8.6 | 2026-06-04 | Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft. |
| CVE-2026-46273 | HIGH | | 8.6 | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support… |
| CVE-2026-20230 | HIGH | | 8.6 | 2026-06-03 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an una… |
| CVE-2022-4992 | HIGH | | 8.6 | 2026-06-02 | Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network messa… |
| CVE-2019-25719 | HIGH | | 8.6 | 2026-06-02 | Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulne… |
| CVE-2026-8913 | NONE | | — | 2026-06-08 | A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web man… |
| CVE-2026-8833 | NONE | | — | 2026-06-08 | Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an authenticated … |
| CVE-2026-11347 | NONE | | — | 2026-06-05 | The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initia… |
| CVE-2025-12694 | NONE | | — | 2026-06-04 | A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects … |
| CVE-2026-47201 | HIGH | Patched | 8.5 | 2026-06-02 | authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrap… |
| CVE-2026-49120 | HIGH | Patched | 8.5 | 2026-06-02 | Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal netwo… |
| CVE-2026-26422 | HIGH | Patched | 8.4 | 2026-06-06 | clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation. |
| CVE-2026-8914 | NONE | | — | 2026-06-05 | In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in… |
| CVE-2019-25733 | HIGH | | 8.4 | 2026-06-04 | NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious i… |
| CVE-2019-25735 | HIGH | | 8.4 | 2026-06-04 | AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an exces… |
| CVE-2019-25736 | HIGH | | 8.4 | 2026-06-04 | LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP f… |
| CVE-2026-7888 | NONE | | — | 2026-06-03 | Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes re… |
| CVE-2026-46270 | HIGH | | 8.4 | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() Using the `devm_` variant for requ… |
| CVE-2026-46251 | HIGH | | 8.4 | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block_group_tree dirty_list corruption When the incompat flag EXTENT_TREE_V2 is set, we unc… |
| CVE-2026-42321 | NONE | Patched | — | 2026-06-03 | GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked … |
| CVE-2026-5385 | NONE | Patched | — | 2026-06-02 | An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7. |
| CVE-2026-11700 | HIGH | | 8.3 | 2026-06-09 | Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escap… |
| CVE-2026-11692 | HIGH | | 8.3 | 2026-06-09 | Use after free in Read Anything in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox… |
| CVE-2026-11679 | HIGH | | 8.3 | 2026-06-09 | Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a san… |