CVEs (1,463, showing first 500)
Showing 426–450 of 1,463 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-47320 | MEDIUM | | 6.1 | 2026-06-04 | Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This … |
| CVE-2026-49510 | MEDIUM | | 6.1 | 2026-06-04 | Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f. |
| CVE-2026-49771 | HIGH | | 7.6 | 2026-06-04 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue a… |
| CVE-2026-4881 | NONE | | — | 2026-06-04 | In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain A… |
| CVE-2026-50214 | CRITICAL | Patched | 9.8 | 2026-06-04 | The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans. |
| CVE-2026-50224 | MEDIUM | Patched | 4.9 | 2026-06-04 | The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN. |
| CVE-2026-50225 | CRITICAL | Patched | 9.1 | 2026-06-04 | The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database. |
| CVE-2026-50226 | MEDIUM | Patched | 5.3 | 2026-06-04 | Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to l… |
| CVE-2026-8916 | MEDIUM | | 6.1 | 2026-06-04 | Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635. |
| CVE-2026-10801 | LOW | | 3.6 | 2026-06-04 | A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift/template/base.py of the … |
| CVE-2026-49077 | MEDIUM | | 5.3 | 2026-06-04 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This iss… |
| CVE-2025-12694 | NONE | | — | 2026-06-04 | A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects … |
| CVE-2025-52606 | MEDIUM | | 4.3 | 2026-06-04 | HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is … |
| CVE-2025-52608 | LOW | | 3.1 | 2026-06-04 | HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure … |
| CVE-2025-52609 | LOW | | 3.7 | 2026-06-04 | HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of m… |
| CVE-2025-52611 | LOW | | 3.1 | 2026-06-04 | HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the applicat… |
| CVE-2025-52612 | HIGH | | 7.1 | 2026-06-04 | HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficien… |
| CVE-2026-10802 | MEDIUM | | 4.3 | 2026-06-04 | A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.t… |
| CVE-2026-10803 | LOW | Patched | 3.6 | 2026-06-04 | A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of the component Dataset Dige… |
| CVE-2026-10804 | LOW | | 3.6 | 2026-06-04 | A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette H… |
| CVE-2026-10840 | CRITICAL | | 9.6 | 2026-06-04 | A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and ce… |
| CVE-2026-10843 | HIGH | | 7.2 | 2026-06-04 | A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive act… |
| CVE-2026-45431 | NONE | | — | 2026-06-04 | This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authen… |
| CVE-2026-45432 | NONE | | — | 2026-06-04 | This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could… |
| CVE-2026-4104 | CRITICAL | | 9.8 | 2026-06-04 | Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This… |