Search
59,123 CVEs
EOL hidden · Show all products
CVEs (59,123, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 426–450 of 59,123 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-21031 | HIGH | 7.8 | 2026-06-05 | Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vuln… | |
| CVE-2026-21030 | HIGH | 7.8 | 2026-06-05 | Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions. | |
| CVE-2026-21029 | HIGH | 7.8 | 2026-06-05 | Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations. | |
| CVE-2026-21028 | MEDIUM | 5.5 | 2026-06-05 | Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. | |
| CVE-2026-21027 | LOW | 3.3 | 2026-06-05 | Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function. | |
| CVE-2026-21026 | MEDIUM | 5.5 | 2026-06-05 | Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information. | |
| CVE-2026-21025 | MEDIUM | 5.5 | 2026-06-05 | Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. | |
| CVE-2026-21017 | MEDIUM | 5.5 | 2026-06-05 | Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files. | |
| CVE-2026-11347 | NONE | — | 2026-06-05 | The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initia… | |
| CVE-2026-6274 | CRITICAL | Patched | 9.8 | 2026-06-05 | Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allow… |
| CVE-2026-49777 | CRITICAL | Patched | 10.0 | 2026-06-05 | Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue af… |
| CVE-2026-11332 | HIGH | 7.8 | 2026-06-05 | A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neut… | |
| CVE-2026-9088 | LOW | 2.7 | 2026-06-05 | A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the g… | |
| CVE-2026-48907 | NONE | — | 2026-06-05 | A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution. | |
| CVE-2026-21837 | NONE | — | 2026-06-05 | HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system command… | |
| CVE-2026-21826 | MEDIUM | 6.1 | 2026-06-05 | HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the applicati… | |
| CVE-2026-21825 | MEDIUM | 6.1 | 2026-06-05 | HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in … | |
| CVE-2026-10732 | MEDIUM | 6.4 | 2026-06-05 | All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) when extracting a ZIP archive containing two entries with th… | |
| CVE-2026-50593 | HIGH | Patched | 7.3 | 2026-06-05 | Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed … |
| CVE-2026-7763 | CRITICAL | 9.8 | 2026-06-05 | A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated… | |
| CVE-2026-7762 | CRITICAL | 9.8 | 2026-06-05 | A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticat… | |
| CVE-2026-50592 | MEDIUM | Patched | 6.4 | 2026-06-05 | In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog (aka the communication log administration view). |
| CVE-2026-50591 | MEDIUM | Patched | 5.4 | 2026-06-05 | In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences. |
| CVE-2026-50590 | MEDIUM | Patched | 4.5 | 2026-06-05 | In Mimecast Incydr before 2.6.0, arbitrary file access can occur. |
| CVE-2026-41567 | HIGH | Patched | 7.2 | 2026-06-05 | Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container vi… |