CVEs (1,557, showing first 500)
Showing 351–375 of 1,557 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-26379 | MEDIUM | Patched | 6.5 | 2026-06-03 | Koha versions up to 25.11 contain a Server-Side Request Forgery (SSRF) vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform… |
| CVE-2026-42839 | NONE | | — | 2026-06-03 | An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the item_name, description, or image fields of an Item and trigger … |
| CVE-2026-42840 | NONE | | — | 2026-06-03 | An authenticated user can persist arbitrary HTML/JavaScript in the email_id or mobile_no fields of a Customer record and trigger unescaped rendering in the Point of Sale (P… |
| CVE-2026-45614 | MEDIUM | Patched | 4.7 | 2026-06-03 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Prior to v… |
| CVE-2026-45702 | MEDIUM | Patched | 4.4 | 2026-06-03 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Starting i… |
| CVE-2026-7888 | NONE | | — | 2026-06-03 | Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes re… |
| CVE-2026-8874 | HIGH | | 7.1 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpo… |
| CVE-2026-8876 | HIGH | | 7.3 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention… |
| CVE-2026-8878 | HIGH | | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information co… |
| CVE-2026-8879 | HIGH | | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This scri… |
| CVE-2026-8881 | HIGH | | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a si… |
| CVE-2026-8888 | HIGH | | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() witho… |
| CVE-2026-8889 | HIGH | | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes). |
| CVE-2026-10766 | LOW | | 3.6 | 2026-06-03 | A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate_dataframe_hash of the file mlrun/utils/helpers.py of the c… |
| CVE-2026-26824 | MEDIUM | Patched | 6.5 | 2026-06-03 | libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT… |
| CVE-2026-26825 | MEDIUM | | 5.3 | 2026-06-03 | A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by unin… |
| CVE-2026-37700 | MEDIUM | | 4.1 | 2026-06-03 | Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by admin_page |
| CVE-2026-40495 | NONE | | — | 2026-06-03 | FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML… |
| CVE-2026-42061 | HIGH | | 7.3 | 2026-06-03 | Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.… |
| CVE-2026-43924 | NONE | | — | 2026-06-03 | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-confi… |
| CVE-2026-44609 | HIGH | | 7.3 | 2026-06-03 | Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. |
| CVE-2026-44682 | HIGH | | 7.3 | 2026-06-03 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. |
| CVE-2026-50033 | HIGH | | 7.3 | 2026-06-03 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. |
| CVE-2026-10771 | HIGH | | 7.3 | 2026-06-03 | A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTempl… |
| CVE-2026-22054 | NONE | | — | 2026-06-03 | Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport op… |