Search
127,912 CVEs · High severity
CVEs (127,912, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 351–375 of 127,912 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-49190 | HIGH | Patched | 8.8 | 2026-06-04 | The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions. |
| CVE-2026-49189 | HIGH | Patched | 7.8 | 2026-06-04 | Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations. |
| CVE-2026-49187 | HIGH | Patched | 7.5 | 2026-06-04 | The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse. |
| CVE-2026-41010 | HIGH | Patched | 8.2 | 2026-06-04 | ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where name returns @job_meta['name'], … |
| CVE-2026-8829 | HIGH | Patched | 7.5 | 2026-06-04 | HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) in… |
| CVE-2026-41860 | HIGH | Patched | 8.8 | 2026-06-04 | CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelper#create_async_endpoint and #send_http_get_… |
| CVE-2026-41859 | HIGH | Patched | 7.8 | 2026-06-04 | A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or UAA client secret) and can tamper with the VM l… |
| CVE-2026-41858 | HIGH | Patched | 7.5 | 2026-06-04 | Weak Randomness / Insecure Cryptographic Primitive (CWE-338) in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM bo… |
| CVE-2026-41011 | HIGH | Patched | 8.2 | 2026-06-04 | PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = File.join(release_dir, 'packages', "#{name}.tgz") and name = package_meta['name'] comes directly from… |
| CVE-2026-10737 | HIGH | 7.5 | 2026-06-04 | The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all versions up t… | |
| CVE-2026-10777 | HIGH | 7.3 | 2026-06-03 | A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality o… | |
| CVE-2026-10771 | HIGH | 7.3 | 2026-06-03 | A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTempl… | |
| CVE-2026-50033 | HIGH | 7.3 | 2026-06-03 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. | |
| CVE-2026-44682 | HIGH | 7.3 | 2026-06-03 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. | |
| CVE-2026-44609 | HIGH | 7.3 | 2026-06-03 | Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. | |
| CVE-2026-42061 | HIGH | 7.3 | 2026-06-03 | Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.… | |
| CVE-2026-8889 | HIGH | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes). | |
| CVE-2026-8888 | HIGH | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() witho… | |
| CVE-2026-8881 | HIGH | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a si… | |
| CVE-2026-8879 | HIGH | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This scri… | |
| CVE-2026-8878 | HIGH | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information co… | |
| CVE-2026-8876 | HIGH | 7.3 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention… | |
| CVE-2026-8874 | HIGH | 7.1 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpo… | |
| CVE-2026-46273 | HIGH | 8.6 | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support… | |
| CVE-2026-46271 | HIGH | 7.8 | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 firmware … |