CVEs (1,557, showing first 500)
Showing 401–425 of 1,557 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-7186 | MEDIUM | | 5.4 | 2026-06-08 | Stored cross-site scripting in the URL dashboard widget in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions t… |
| CVE-2026-11569 | MEDIUM | | 5.4 | 2026-06-08 | A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious … |
| CVE-2026-11467 | MEDIUM | | 5.4 | 2026-06-08 | A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/… |
| CVE-2026-11466 | MEDIUM | | 5.4 | 2026-06-07 | A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.p… |
| CVE-2026-50591 | MEDIUM | Patched | 5.4 | 2026-06-05 | In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences. |
| CVE-2026-11243 | MEDIUM | Patched | 5.4 | 2026-06-05 | Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chro… |
| CVE-2026-11232 | MEDIUM | | 5.4 | 2026-06-04 | Inappropriate implementation in TabGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium … |
| CVE-2026-11157 | MEDIUM | Patched | 5.4 | 2026-06-04 | Script injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scri… |
| CVE-2026-10984 | MEDIUM | Patched | 5.4 | 2026-06-04 | Inappropriate implementation in Accessibility in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (… |
| CVE-2026-42547 | MEDIUM | | 5.4 | 2026-06-04 | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for … |
| CVE-2026-40930 | MEDIUM | | 5.4 | 2026-06-04 | LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inter-frame chunk discard pat… |
| CVE-2026-49192 | MEDIUM | Patched | 5.4 | 2026-06-04 | The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping. |
| CVE-2026-26378 | MEDIUM | Patched | 5.4 | 2026-06-03 | Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features |
| CVE-2026-33244 | MEDIUM | Patched | 5.4 | 2026-06-02 | React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP `Location` h… |
| CVE-2026-9522 | MEDIUM | Patched | 5.4 | 2026-06-02 | Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to d… |
| CVE-2026-34460 | MEDIUM | Patched | 5.4 | 2026-06-02 | NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exch… |
| CVE-2026-49782 | MEDIUM | | 5.4 | 2026-06-02 | Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elem… |
| CVE-2026-27351 | MEDIUM | | 5.4 | 2026-06-02 | Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from … |
| CVE-2026-5191 | MEDIUM | | 5.4 | 2026-06-02 | The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and… |
| CVE-2026-45581 | MEDIUM | Patched | 5.5 | 2026-06-08 | fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in c… |
| CVE-2026-11516 | MEDIUM | | 5.5 | 2026-06-08 | A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the arg… |
| CVE-2026-50262 | MEDIUM | | 5.5 | 2026-06-05 | An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled … |
| CVE-2026-50263 | MEDIUM | | 5.5 | 2026-06-05 | A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and f… |
| CVE-2026-21026 | MEDIUM | | 5.5 | 2026-06-05 | Improper export of Android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. |
| CVE-2026-21028 | MEDIUM | | 5.5 | 2026-06-05 | Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. |