Search
153,531 CVEs · Medium severity
CVEs (153,531, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 451–475 of 153,531 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-8174 | MEDIUM | Patched | 5.7 | 2026-05-26 | Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery (CSRF). This issue affects Zoho Mail wordpress plugin versions before 1.6.2. |
| CVE-2026-8144 | MEDIUM | Patched | 4.3 | 2026-05-14 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an aut… |
| CVE-2026-8142 | MEDIUM | 6.5 | 2026-05-07 | VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Tick… | |
| CVE-2026-8140 | MEDIUM | Patched | 6.5 | 2026-05-21 | Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/install/download/<remoteId>. The download() method in concrete/c… |
| CVE-2026-8139 | MEDIUM | Patched | 5.4 | 2026-05-21 | Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS secu… |
| CVE-2026-8127 | MEDIUM | 6.3 | 2026-05-08 | A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such man… | |
| CVE-2026-8125 | MEDIUM | 6.3 | 2026-05-08 | A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument … | |
| CVE-2026-8123 | MEDIUM | Patched | 4.3 | 2026-05-08 | A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSS… |
| CVE-2026-8122 | MEDIUM | Patched | 4.3 | 2026-05-08 | A vulnerability was found in Open5GS up to 2.7.7. This affects the function ogs_sbi_discovery_option_add_service_names in the library /lib/sbi/message.c of the component NS… |
| CVE-2026-8121 | MEDIUM | Patched | 4.3 | 2026-05-08 | A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. Th… |
| CVE-2026-8120 | MEDIUM | Patched | 4.3 | 2026-05-08 | A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf of the file /src/nssf/nnssf-handler.c … |
| CVE-2026-8117 | MEDIUM | 4.3 | 2026-05-08 | A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such man… | |
| CVE-2026-8116 | MEDIUM | 6.3 | 2026-05-08 | A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This man… | |
| CVE-2026-8115 | MEDIUM | 5.3 | 2026-05-07 | A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST A… | |
| CVE-2026-8114 | MEDIUM | 6.3 | 2026-05-07 | A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Objec… | |
| CVE-2026-8113 | MEDIUM | Patched | 4.3 | 2026-05-07 | A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file s… |
| CVE-2026-8112 | MEDIUM | Patched | 6.3 | 2026-05-07 | A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Perf… |
| CVE-2026-8109 | MEDIUM | Patched | 6.5 | 2026-05-12 | An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials. |
| CVE-2026-8106 | MEDIUM | Patched | 6.1 | 2026-05-07 | A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirect_to que… |
| CVE-2026-8097 | MEDIUM | 6.3 | 2026-05-07 | A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument s… | |
| CVE-2026-8096 | MEDIUM | 6.5 | 2026-05-19 | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This… | |
| CVE-2026-8087 | MEDIUM | Patched | 5.3 | 2026-05-07 | A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation o… |
| CVE-2026-8086 | MEDIUM | Patched | 5.3 | 2026-05-07 | A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the … |
| CVE-2026-8081 | MEDIUM | 6.3 | 2026-05-07 | A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/api_to… | |
| CVE-2026-8080 | MEDIUM | Patched | 5.4 | 2026-05-07 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stored XSS. This issue affects MISP before 2.… |