Search
153,552 CVEs · Medium severity
CVEs (153,552, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 401–425 of 153,552 (capped at 500)
| CVE ID | Severity ↑ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-10864 | MEDIUM | Patched | 4.3 | 2026-06-04 | A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and Ne… |
| CVE-2026-10811 | MEDIUM | 6.3 | 2026-06-04 | A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. … | |
| CVE-2026-10861 | MEDIUM | Patched | 6.1 | 2026-06-04 | An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session key was used as the post-l… |
| CVE-2026-10808 | MEDIUM | 6.3 | 2026-06-04 | A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown function of the file /manage_student.php. The manipulation of the argumen… | |
| CVE-2026-10809 | MEDIUM | 6.3 | 2026-06-04 | A security flaw has been discovered in itsourcecode Fees Management System 1.0. This impacts an unknown function of the file /manage_user.php. The manipulation of the argum… | |
| CVE-2026-10810 | MEDIUM | 4.3 | 2026-06-04 | A weakness has been identified in itsourcecode Fees Management System up to 1.0. Affected is an unknown function of the file /navbar.php. This manipulation of the argument … | |
| CVE-2026-10854 | MEDIUM | Patched | 4.3 | 2026-06-04 | A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event templ… |
| CVE-2026-10855 | MEDIUM | Patched | 4.3 | 2026-06-04 | An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a … |
| CVE-2026-10856 | MEDIUM | Patched | 6.1 | 2026-06-04 | A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an ex… |
| CVE-2026-10806 | MEDIUM | 6.3 | 2026-06-04 | A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipul… | |
| CVE-2026-10807 | MEDIUM | 6.3 | 2026-06-04 | A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Ex… | |
| CVE-2019-25742 | MEDIUM | 6.4 | 2026-06-04 | WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Ad… | |
| CVE-2019-25743 | MEDIUM | 6.4 | 2026-06-04 | WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script … | |
| CVE-2019-25744 | MEDIUM | 6.4 | 2026-06-04 | WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of opt… | |
| CVE-2019-25739 | MEDIUM | 6.4 | 2026-06-04 | GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal d… | |
| CVE-2019-25740 | MEDIUM | 6.5 | 2026-06-04 | Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. A… | |
| CVE-2019-25734 | MEDIUM | 4.0 | 2026-06-04 | Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary … | |
| CVE-2026-10802 | MEDIUM | 4.3 | 2026-06-04 | A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.t… | |
| CVE-2025-52606 | MEDIUM | 4.3 | 2026-06-04 | HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is … | |
| CVE-2026-49077 | MEDIUM | 5.3 | 2026-06-04 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This iss… | |
| CVE-2026-50224 | MEDIUM | Patched | 4.9 | 2026-06-04 | The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN. |
| CVE-2026-50226 | MEDIUM | Patched | 5.3 | 2026-06-04 | Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to l… |
| CVE-2026-8916 | MEDIUM | 6.1 | 2026-06-04 | Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635. | |
| CVE-2026-47318 | MEDIUM | 6.1 | 2026-06-04 | Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035. | |
| CVE-2026-47319 | MEDIUM | Patched | 6.1 | 2026-06-04 | Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation. This issue affects rlottie: before 0b4e308fa88c72cbb6… |