7,815 CVEs · Medium severity
CVEs (7,815, showing first 500)
Showing 401–425 of 7,815 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-50226 | MEDIUM | Patched | 5.3 | 2026-06-04 | Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to l… |
| CVE-2026-50224 | MEDIUM | Patched | 4.9 | 2026-06-04 | The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN. |
| CVE-2026-49510 | MEDIUM | | 6.1 | 2026-06-04 | Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f. |
| CVE-2026-47320 | MEDIUM | | 6.1 | 2026-06-04 | Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This … |
| CVE-2026-47319 | MEDIUM | Patched | 6.1 | 2026-06-04 | Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation. This issue affects rlottie: before 0b4e308fa88c72cbb6… |
| CVE-2026-47318 | MEDIUM | | 6.1 | 2026-06-04 | Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035. |
| CVE-2026-47306 | MEDIUM | | 6.1 | 2026-06-04 | Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b… |
| CVE-2026-10305 | MEDIUM | Patched | 6.1 | 2026-06-04 | Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd. |
| CVE-2026-50212 | MEDIUM | Patched | 6.5 | 2026-06-04 | Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service. |
| CVE-2026-50206 | MEDIUM | Patched | 6.8 | 2026-06-04 | Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files. |
| CVE-2026-49204 | MEDIUM | Patched | 6.5 | 2026-06-04 | Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation. |
| CVE-2026-49192 | MEDIUM | Patched | 5.4 | 2026-06-04 | The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping. |
| CVE-2026-50219 | MEDIUM | Patched | 4.9 | 2026-06-04 | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in c… |
| CVE-2026-10805 | MEDIUM | | 6.7 | 2026-06-04 | A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage D… |
| CVE-2026-48681 | MEDIUM | Patched | 5.9 | 2026-06-04 | OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. |
| CVE-2026-44917 | MEDIUM | Patched | 4.9 | 2026-06-04 | OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template. |
| CVE-2026-10597 | MEDIUM | | 5.3 | 2026-06-04 | OMICARD EDM developed by ITPison has an Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain us… |
| CVE-2026-8653 | MEDIUM | | 6.5 | 2026-06-04 | The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to ins… |
| CVE-2026-7764 | MEDIUM | | 6.8 | 2026-06-04 | An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthenticated attack… |
| CVE-2026-8722 | MEDIUM | Patched | 6.5 | 2026-06-04 | Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from … |
| CVE-2026-46447 | MEDIUM | Patched | 5.8 | 2026-06-03 | OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. |
| CVE-2026-37700 | MEDIUM | | 4.1 | 2026-06-03 | Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by admin_page |
| CVE-2026-26825 | MEDIUM | | 5.3 | 2026-06-03 | A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by unin… |
| CVE-2026-26824 | MEDIUM | Patched | 6.5 | 2026-06-03 | libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT… |
| CVE-2026-45702 | MEDIUM | Patched | 4.4 | 2026-06-03 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Starting i… |