CVEs (1,557, showing first 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-21017 | MEDIUM | | 5.5 | 2026-06-05 | Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files. |
| CVE-2026-21025 | MEDIUM | | 5.5 | 2026-06-05 | Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. |
| CVE-2025-70100 | MEDIUM | | 5.5 | 2026-06-03 | A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by pr… |
| CVE-2026-10688 | MEDIUM | | 5.5 | 2026-06-02 | A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute_blender_code of the file… |
| CVE-2026-45676 | MEDIUM | Patched | 5.5 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section of… |
| CVE-2025-5085 | MEDIUM | | 5.5 | 2026-06-02 | The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole_link’ parameter in all versions up to, and including, 1.31 due to insuffi… |
| CVE-2026-43965 | NONE | | — | 2026-06-02 | Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read fro… |
| CVE-2026-25624 | MEDIUM | Patched | 5.7 | 2026-06-05 | An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firew… |
| CVE-2026-40605 | NONE | | — | 2026-06-04 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows… |
| CVE-2026-41918 | MEDIUM | | 5.7 | 2026-06-02 | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected applications stores sensitive information in the browser cache… |
| CVE-2026-7473 | MEDIUM | | 5.8 | 2026-06-05 | On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsul… |
| CVE-2026-46447 | MEDIUM | Patched | 5.8 | 2026-06-03 | OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. |
| CVE-2026-2379 | MEDIUM | | 5.9 | 2026-06-05 | On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical in… |
| CVE-2026-21038 | NONE | | — | 2026-06-05 | Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory. |
| CVE-2026-11238 | MEDIUM | Patched | 5.9 | 2026-06-05 | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potenti… |
| CVE-2026-11199 | MEDIUM | Patched | 5.9 | 2026-06-04 | Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to leak cross-origin data via malicious … |
| CVE-2023-5502 | MEDIUM | | 5.9 | 2026-06-04 | On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious s… |
| CVE-2026-48681 | MEDIUM | Patched | 5.9 | 2026-06-04 | OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. |
| CVE-2026-36610 | MEDIUM | | 5.9 | 2026-06-03 | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementati… |
| CVE-2026-36616 | MEDIUM | | 5.9 | 2026-06-03 | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded… |
| CVE-2026-42320 | NONE | Patched | — | 2026-06-03 | GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the… |
| CVE-2023-52951 | MEDIUM | Patched | 5.9 | 2026-06-03 | A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential. |
| CVE-2026-25861 | MEDIUM | Patched | 5.9 | 2026-06-02 | QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the… |
| CVE-2026-48682 | MEDIUM | | 5.9 | 2026-06-02 | FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet co… |
| CVE-2026-10584 | MEDIUM | Patched | 5.9 | 2026-06-02 | Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information vi… |