CVEs (1,557, showing first 500)
Showing 376–400 of 1,557 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-41178 | MEDIUM | | 5.3 | 2026-06-04 | OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes `Parse` to process arbitrarily large/inval… |
| CVE-2026-47707 | MEDIUM | Patched | 5.3 | 2026-06-04 | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through 0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multip… |
| CVE-2026-47706 | MEDIUM | Patched | 5.3 | 2026-06-04 | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due… |
| CVE-2026-49077 | MEDIUM | | 5.3 | 2026-06-04 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This iss… |
| CVE-2026-50226 | MEDIUM | Patched | 5.3 | 2026-06-04 | Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to l… |
| CVE-2026-10597 | MEDIUM | | 5.3 | 2026-06-04 | OMICARD EDM developed by ITPison has an Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain us… |
| CVE-2026-22054 | NONE | | — | 2026-06-03 | Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport op… |
| CVE-2026-22055 | NONE | | — | 2026-06-03 | Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. |
| CVE-2026-26825 | MEDIUM | | 5.3 | 2026-06-03 | A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by unin… |
| CVE-2026-44545 | MEDIUM | Patched | 5.3 | 2026-06-03 | daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), … |
| CVE-2026-5078 | MEDIUM | Patched | 5.3 | 2026-06-03 | Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without ne… |
| CVE-2026-42507 | MEDIUM | | 5.3 | 2026-06-02 | When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to err… |
| CVE-2026-10650 | MEDIUM | | 5.3 | 2026-06-02 | A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lws_ssh_parse_plaintext of the file plugins/protocol_lws_ssh_base/sshd.c of the … |
| CVE-2026-45289 | MEDIUM | Patched | 5.3 | 2026-06-02 | CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing vali… |
| CVE-2026-40571 | NONE | | — | 2026-06-02 | NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does … |
| CVE-2026-35443 | NONE | | — | 2026-06-02 | NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/classes/ForumPostReactionContext.php` only verifies that the caller can view the foru… |
| CVE-2026-35447 | NONE | Patched | — | 2026-06-02 | NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before… |
| CVE-2026-9590 | MEDIUM | Patched | 5.3 | 2026-06-02 | Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify… |
| CVE-2026-45554 | MEDIUM | Patched | 5.3 | 2026-06-02 | NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may r… |
| CVE-2026-38978 | MEDIUM | | 5.3 | 2026-06-02 | transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths. |
| CVE-2026-10549 | NONE | | — | 2026-06-02 | LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting i… |
| CVE-2025-53302 | MEDIUM | | 5.3 | 2026-06-02 | Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a… |
| CVE-2026-10566 | MEDIUM | | 5.3 | 2026-06-02 | A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a … |
| CVE-2026-10548 | MEDIUM | | 5.3 | 2026-06-02 | A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/cr… |
| CVE-2026-11533 | MEDIUM | | 5.4 | 2026-06-08 | A security vulnerability has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknow… |