153,531 CVEs · Medium severity
CVEs (153,531, showing first 500)
Showing 376–400 of 153,531 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-36175 | MEDIUM | | 6.8 | 2026-06-04 | An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence … |
| CVE-2026-36178 | MEDIUM | | 4.6 | 2026-06-04 | The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to rec… |
| CVE-2026-36180 | MEDIUM | | 4.6 | 2026-06-04 | A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for t… |
| CVE-2026-10860 | MEDIUM | Patched | 6.5 | 2026-06-04 | A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to missing parentheses in … |
| CVE-2026-10864 | MEDIUM | Patched | 4.3 | 2026-06-04 | A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and Ne… |
| CVE-2026-10811 | MEDIUM | | 6.3 | 2026-06-04 | A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. … |
| CVE-2026-10861 | MEDIUM | Patched | 6.1 | 2026-06-04 | An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session key was used as the post-l… |
| CVE-2026-10808 | MEDIUM | | 6.3 | 2026-06-04 | A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown function of the file /manage_student.php. The manipulation of the argumen… |
| CVE-2026-10809 | MEDIUM | | 6.3 | 2026-06-04 | A security flaw has been discovered in itsourcecode Fees Management System 1.0. This impacts an unknown function of the file /manage_user.php. The manipulation of the argum… |
| CVE-2026-10810 | MEDIUM | | 4.3 | 2026-06-04 | A weakness has been identified in itsourcecode Fees Management System up to 1.0. Affected is an unknown function of the file /navbar.php. This manipulation of the argument … |
| CVE-2026-10854 | MEDIUM | Patched | 4.3 | 2026-06-04 | A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event templ… |
| CVE-2026-10855 | MEDIUM | Patched | 4.3 | 2026-06-04 | An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a … |
| CVE-2026-10856 | MEDIUM | Patched | 6.1 | 2026-06-04 | A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an ex… |
| CVE-2026-10806 | MEDIUM | | 6.3 | 2026-06-04 | A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipul… |
| CVE-2026-10807 | MEDIUM | | 6.3 | 2026-06-04 | A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Ex… |
| CVE-2019-25742 | MEDIUM | | 6.4 | 2026-06-04 | WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Ad… |
| CVE-2019-25743 | MEDIUM | | 6.4 | 2026-06-04 | WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script … |
| CVE-2019-25744 | MEDIUM | | 6.4 | 2026-06-04 | WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of opt… |
| CVE-2019-25739 | MEDIUM | | 6.4 | 2026-06-04 | GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal d… |
| CVE-2019-25740 | MEDIUM | | 6.5 | 2026-06-04 | Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. A… |
| CVE-2019-25734 | MEDIUM | | 4.0 | 2026-06-04 | Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary … |
| CVE-2026-10802 | MEDIUM | | 4.3 | 2026-06-04 | A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.t… |
| CVE-2025-52606 | MEDIUM | | 4.3 | 2026-06-04 | HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is … |
| CVE-2026-49077 | MEDIUM | | 5.3 | 2026-06-04 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This iss… |
| CVE-2026-50224 | MEDIUM | Patched | 4.9 | 2026-06-04 | The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN. |