Search
19,079 CVEs
CVEs (19,079, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 401–425 of 19,079 (capped at 500)
| CVE ID | Severity ↑ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-46109 | NONE | — | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: fix memory leak on ulpi_register() error paths Commit 01af542392b5 ("usb: ulpi: fix double … | |
| CVE-2026-46104 | NONE | — | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: selinux: use sk blob accessor in socket permission helpers SELinux socket state lives in the composite… | |
| CVE-2026-46106 | NONE | — | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: eventfs: Hold eventfs_mutex and SRCU when remount walks events Commit 340f0c7067a9 ("eventfs: Update a… | |
| CVE-2024-47097 | NONE | — | 2026-05-28 | Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter o… | |
| CVE-2024-47096 | NONE | — | 2026-05-28 | Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the showSupportExpir… | |
| CVE-2026-9806 | NONE | — | 2026-05-28 | A stored cross-site scripting (XSS) vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containi… | |
| CVE-2026-32996 | NONE | — | 2026-05-28 | This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation. | |
| CVE-2026-32997 | NONE | — | 2026-05-28 | A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server. | |
| CVE-2026-32998 | NONE | — | 2026-05-28 | This vulnerability in Veeam Service Provider Console allows for remote code execution. | |
| CVE-2026-9789 | NONE | — | 2026-05-28 | A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, wh… | |
| CVE-2026-9739 | NONE | — | 2026-05-27 | Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase, we implemented `allowed-origins` and `allowed-hosts` flags to align with MCP… | |
| CVE-2026-44720 | NONE | Patched | — | 2026-05-27 | OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that coul… |
| CVE-2026-47161 | NONE | — | 2026-05-27 | RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb, RELATE LMS configures its Celery workers to accept and deserialize untru… | |
| CVE-2026-44886 | NONE | Patched | — | 2026-05-27 | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. T… |
| CVE-2026-48148 | NONE | Patched | — | 2026-05-27 | Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation agains… |
| CVE-2026-48128 | NONE | Patched | — | 2026-05-27 | Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it dire… |
| CVE-2026-42553 | NONE | Patched | — | 2026-05-27 | Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example in a DM) c… |
| CVE-2026-9712 | NONE | — | 2026-05-27 | When creating an export through the pretix API, API clients are returned an UUID value for their export job (a long, random string like 35742818-c375-4d15-839f-d49aecce94… | |
| CVE-2026-49103 | NONE | Patched | — | 2026-05-27 | Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi. |
| CVE-2026-44830 | NONE | Patched | — | 2026-05-27 | Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API_TOKEN is unset or empty, the BearerTokenAuthMidd… |
| CVE-2026-46101 | NONE | — | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nft_bitwise Reject zero shift operands for nft_bitwise left and right … | |
| CVE-2026-46103 | NONE | — | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources sho… | |
| CVE-2026-46095 | NONE | — | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: raise barrier before state machine transition Move the barrier raise operation before … | |
| CVE-2026-46096 | NONE | — | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix missing tpm_buf_destroy() in tpm2_read_public() tpm2_read_public() calls tpm_buf_in… | |
| CVE-2026-46097 | NONE | — | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: Input: edt-ft5x06 - fix use-after-free in debugfs teardown The commit 68743c500c6e ("Input: edt-ft5x06… |