Search
19,628 CVEs · High severity
CVEs (19,628, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 351–375 of 19,628 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2025-67448 | HIGH | 7.1 | 2026-06-04 | The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before… | |
| CVE-2026-49942 | HIGH | Patched | 7.3 | 2026-06-04 | Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One … |
| CVE-2026-49941 | HIGH | Patched | 7.5 | 2026-06-04 | Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did not look lik… |
| CVE-2026-46741 | HIGH | Patched | 7.5 | 2026-06-04 | Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from … |
| CVE-2026-5228 | HIGH | 8.8 | 2026-06-04 | Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs. Th… | |
| CVE-2026-44393 | HIGH | 7.4 | 2026-06-04 | An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to t… | |
| CVE-2026-43985 | HIGH | 8.8 | 2026-06-04 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `configUpdate` as a state-changing administrator endpoint, bu… | |
| CVE-2026-43984 | HIGH | 8.9 | 2026-06-04 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `log_js_errors` to any authenticated user, including guest us… | |
| CVE-2026-38570 | HIGH | 7.5 | 2026-06-04 | bacnet_stack 1.3.1 contains an Out-of-bounds Read in bacnet_tag_number_decode which allows attackers to cause a denial of service. | |
| CVE-2026-36176 | HIGH | 7.1 | 2026-06-04 | GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers t… | |
| CVE-2026-28318 | HIGH | Patched | 7.5 | 2026-06-04 | SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps a… |
| CVE-2026-10863 | HIGH | Patched | 8.1 | 2026-06-04 | A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This al… |
| CVE-2025-59874 | HIGH | 8.1 | 2026-06-04 | HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential di… | |
| CVE-2025-46638 | HIGH | 7.5 | 2026-06-04 | Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerabi… | |
| CVE-2019-25745 | HIGH | 8.2 | 2026-06-04 | WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by in… | |
| CVE-2019-25737 | HIGH | 7.2 | 2026-06-04 | Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input fiel… | |
| CVE-2019-25736 | HIGH | 8.4 | 2026-06-04 | LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP f… | |
| CVE-2019-25735 | HIGH | 8.4 | 2026-06-04 | AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an exces… | |
| CVE-2019-25733 | HIGH | 8.4 | 2026-06-04 | NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious i… | |
| CVE-2019-25732 | HIGH | 8.2 | 2026-06-04 | PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the … | |
| CVE-2019-25731 | HIGH | 7.2 | 2026-06-04 | Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact fo… | |
| CVE-2019-25730 | HIGH | 8.2 | 2026-06-04 | Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id… | |
| CVE-2019-25728 | HIGH | 8.2 | 2026-06-04 | Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie param… | |
| CVE-2019-25726 | HIGH | 8.2 | 2026-06-04 | All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code t… | |
| CVE-2026-10843 | HIGH | 7.2 | 2026-06-04 | A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive act… |