CVEs (59,872, showing first 500)
Showing 351–375 of 59,872 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-21036 | NONE | | — | 2026-06-05 | Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information. |
| CVE-2026-21037 | NONE | | — | 2026-06-05 | Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege. |
| CVE-2026-21038 | NONE | | — | 2026-06-05 | Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory. |
| CVE-2026-50265 | NONE | | — | 2026-06-05 | Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292 |
| CVE-2026-11347 | NONE | | — | 2026-06-05 | The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initia… |
| CVE-2026-48907 | NONE | | — | 2026-06-05 | A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution. |
| CVE-2026-11326 | NONE | Patched | — | 2026-06-05 | OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be … |
| CVE-2026-41522 | NONE | Patched | — | 2026-06-04 | Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional Gr… |
| CVE-2026-48480 | NONE | | — | 2026-06-04 | The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does n… |
| CVE-2026-41235 | NONE | | — | 2026-06-04 | Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell list that customers may a… |
| CVE-2026-41237 | NONE | | — | 2026-06-04 | Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowing embedded newlines to p… |
| CVE-2026-7774 | NONE | | — | 2026-06-04 | tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the inten… |
| CVE-2026-45287 | NONE | | — | 2026-06-04 | OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks… |
| CVE-2026-10868 | NONE | | — | 2026-06-04 | A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit(). When processing… |
| CVE-2026-41065 | NONE | | — | 2026-06-04 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via the newsletter custom te… |
| CVE-2026-8762 | NONE | | — | 2026-06-04 | Rejected reason: After analysis, the originally reported behaviour was determined not to constitute a security vulnerability. The findings were parser-strictness defects wi… |
| CVE-2026-43926 | NONE | | — | 2026-06-04 | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint `/client/reset-password-confirm/:h… |
| CVE-2026-45433 | NONE | | — | 2026-06-04 | This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vuln… |
| CVE-2026-40605 | NONE | | — | 2026-06-04 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows… |
| CVE-2026-45431 | NONE | | — | 2026-06-04 | This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authen… |
| CVE-2026-45432 | NONE | | — | 2026-06-04 | This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could… |
| CVE-2025-12694 | NONE | | — | 2026-06-04 | A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects … |
| CVE-2026-4881 | NONE | | — | 2026-06-04 | In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain A… |
| CVE-2026-2596 | NONE | | — | 2026-06-03 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2026-22054 | NONE | | — | 2026-06-03 | Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport op… |