153,552 CVEs · Medium severity
CVEs (153,552, showing first 500)
Showing 376–400 of 153,552 (capped at 500)
| CVE ID | Severity ↑ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-42547 | MEDIUM | | 5.4 | 2026-06-04 | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for … |
| CVE-2026-11322 | MEDIUM | | 6.5 | 2026-06-04 | Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files o… |
| CVE-2024-6858 | MEDIUM | | 6.5 | 2026-06-04 | In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN. |
| CVE-2026-42329 | MEDIUM | | 4.7 | 2026-06-04 | Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an atta… |
| CVE-2026-42538 | MEDIUM | | 6.3 | 2026-06-04 | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploade… |
| CVE-2026-5066 | MEDIUM | | 6.3 | 2026-06-04 | A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cac… |
| CVE-2026-5589 | MEDIUM | | 6.3 | 2026-06-04 | An integer underflow in bt_mesh_sol_recv() in the Bluetooth Mesh solicitation handling (subsys/bluetooth/mesh/solicitation.c) leads to an out-of-bounds write. When CONFIG_B… |
| CVE-2026-21404 | MEDIUM | | 6.3 | 2026-06-04 | NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enab… |
| CVE-2026-36499 | MEDIUM | | 6.5 | 2026-06-04 | A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler… |
| CVE-2026-40898 | MEDIUM | Patched | 5.3 | 2026-06-04 | quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server im… |
| CVE-2025-65640 | MEDIUM | | 6.3 | 2026-06-04 | Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input i… |
| CVE-2026-41207 | MEDIUM | Patched | 5.3 | 2026-06-04 | The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with zer… |
| CVE-2026-49940 | MEDIUM | Patched | 6.5 | 2026-06-04 | Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not proper… |
| CVE-2026-46739 | MEDIUM | Patched | 5.3 | 2026-06-04 | Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources… |
| CVE-2026-41178 | MEDIUM | | 5.3 | 2026-06-04 | OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes `Parse` to process arbitrarily large/inval… |
| CVE-2026-40930 | MEDIUM | | 5.4 | 2026-06-04 | LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inter-frame chunk discard pat… |
| CVE-2026-10814 | MEDIUM | | 4.5 | 2026-06-04 | A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the co… |
| CVE-2026-10815 | MEDIUM | | 6.3 | 2026-06-04 | A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file … |
| CVE-2026-47707 | MEDIUM | Patched | 5.3 | 2026-06-04 | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through 0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multip… |
| CVE-2026-47706 | MEDIUM | Patched | 5.3 | 2026-06-04 | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due… |
| CVE-2026-36174 | MEDIUM | | 4.6 | 2026-06-04 | GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-p… |
| CVE-2026-36175 | MEDIUM | | 6.8 | 2026-06-04 | An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence … |
| CVE-2026-36178 | MEDIUM | | 4.6 | 2026-06-04 | The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to rec… |
| CVE-2026-36180 | MEDIUM | | 4.6 | 2026-06-04 | A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for t… |
| CVE-2026-10860 | MEDIUM | Patched | 6.5 | 2026-06-04 | A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to missing parentheses in … |