CVEs (6,811, showing first 500)
Showing 426–450 of 6,811 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-43876 | MEDIUM | | 6.4 | 2026-05-11 | WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/notifySubscribers.json.php takes the raw message POST parameter and passes it in… |
| CVE-2026-43877 | MEDIUM | | 5.4 | 2026-05-11 | WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/userSavePhoto.php is a legacy profile-photo endpoint that accepts a base64 POST … |
| CVE-2026-43878 | MEDIUM | | 6.1 | 2026-05-11 | WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/Meet/iframe.php echoes the attacker-controlled user and pass query parameters une… |
| CVE-2026-43879 | MEDIUM | | 5.4 | 2026-05-11 | WWBN AVideo is an open source video platform. In versions up to and including 29.0, an authenticated user can configure their own donation-notification webhook URL to point… |
| CVE-2026-43880 | MEDIUM | | 5.3 | 2026-05-11 | WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/sendEmail.json.php exposes two branches depending on whether contactForm=1 is su… |
| CVE-2026-43881 | MEDIUM | | 5.3 | 2026-05-11 | WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/users.json.php exposes two unauthenticated paths that disclose the full set of r… |
| CVE-2026-43882 | MEDIUM | | 4.3 | 2026-05-11 | WWBN AVideo is an open source video platform. In versions up to and including 29.0, the unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled… |
| CVE-2026-43883 | MEDIUM | | 4.2 | 2026-05-11 | WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/PayPalYPT/agreementCancel.json.php cancels a PayPal billing agreement using an at… |
| CVE-2026-43884 | HIGH | | 7.7 | 2026-05-11 | WWBN AVideo is an open source video platform. In versions up to and including 29.0, two endpoints (plugin/AI/receiveAsync.json.php and objects/EpgParser.php) in AVideo call… |
| CVE-2026-43885 | NONE | | — | 2026-05-11 | WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecret from objects/plugins.json.php and use it to c… |
| CVE-2026-43886 | HIGH | Patched | 8.2 | 2026-05-11 | Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope() uses Array.some() to validate reques… |
| CVE-2026-43887 | HIGH | Patched | 7.3 | 2026-05-11 | Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, the Outline comment section permits users to mention other users; however, the backe… |
| CVE-2026-43888 | HIGH | Patched | 8.7 | 2026-05-11 | Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem… |
| CVE-2026-43889 | MEDIUM | Patched | 6.5 | 2026-05-11 | Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when pu… |
| CVE-2026-43890 | HIGH | Patched | 7.7 | 2026-05-11 | Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptio… |
| CVE-2026-43893 | HIGH | Patched | 8.2 | 2026-05-11 | exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stay_open True -@ - mode, where arguments are … |
| CVE-2026-43897 | NONE | Patched | — | 2026-05-11 | Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be … |
| CVE-2026-44695 | MEDIUM | Patched | 5.8 | 2026-05-11 | Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-indep… |
| CVE-2026-7010 | MEDIUM | Patched | 6.5 | 2026-05-11 | HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the r… |
| CVE-2026-8344 | MEDIUM | | 6.3 | 2026-05-11 | A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This man… |
| CVE-2026-34962 | MEDIUM | Patched | 6.2 | 2026-05-11 | barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fai… |
| CVE-2026-34963 | HIGH | Patched | 8.4 | 2026-05-11 | barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size comp… |
| CVE-2026-42554 | MEDIUM | Patched | 6.1 | 2026-05-11 | Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by … |
| CVE-2026-43899 | CRITICAL | Patched | 9.6 | 2026-05-11 | DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-5573… |
| CVE-2026-43900 | CRITICAL | Patched | 9.3 | 2026-05-11 | DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting (XSS) vulnerability… |