CVEs (1,463, showing first 500)
Showing 451–475 of 1,463 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-42073 | MEDIUM | Patched | 6.5 | 2026-06-02 | OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts … |
| CVE-2026-42061 | HIGH | | 7.3 | 2026-06-03 | Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.… |
| CVE-2026-42029 | NONE | | — | 2026-06-02 | Rejected reason: This CVE is a duplicate of another CVE. |
| CVE-2026-41918 | MEDIUM | | 5.7 | 2026-06-02 | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected application stores sensitive information in the browser cache… |
| CVE-2026-41860 | HIGH | Patched | 8.8 | 2026-06-04 | CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelper#create_async_endpoint and #send_http_get_… |
| CVE-2026-41859 | HIGH | Patched | 7.8 | 2026-06-04 | A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or UAA client secret) and can tamper with the VM l… |
| CVE-2026-41858 | HIGH | Patched | 7.5 | 2026-06-04 | Weak Randomness / Insecure Cryptographic Primitive (CWE-338) in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM bo… |
| CVE-2026-41724 | HIGH | | 8.0 | 2026-06-08 | VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets… |
| CVE-2026-41723 | HIGH | | 8.0 | 2026-06-08 | VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets… |
| CVE-2026-41722 | HIGH | | 8.0 | 2026-06-08 | VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets… |
| CVE-2026-41577 | HIGH | Patched | 7.5 | 2026-06-02 | authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor (ResponseProcessor.parse()) does not validate th… |
| CVE-2026-41569 | MEDIUM | Patched | 6.1 | 2026-06-02 | authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix … |
| CVE-2026-41567 | HIGH | Patched | 7.2 | 2026-06-05 | Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container vi… |
| CVE-2026-41522 | NONE | Patched | — | 2026-06-04 | Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional Gr… |
| CVE-2026-41518 | HIGH | | 7.6 | 2026-06-04 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authentic… |
| CVE-2026-41448 | CRITICAL | | 9.4 | 2026-06-08 | AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supply… |
| CVE-2026-41412 | MEDIUM | | 4.9 | 2026-06-02 | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects … |
| CVE-2026-41283 | CRITICAL | | 9.9 | 2026-06-04 | OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltrati… |
| CVE-2026-41249 | HIGH | | 8.2 | 2026-06-04 | CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1, the GitHub Actions workflow (`.github/workflows/static.yml`) uses the `pull_requ… |
| CVE-2026-41237 | NONE | | — | 2026-06-04 | Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowing embedded newlines to p… |
| CVE-2026-41236 | HIGH | | 8.8 | 2026-06-04 | Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP … |
| CVE-2026-41235 | NONE | | — | 2026-06-04 | Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell list that customers may a… |
| CVE-2026-41234 | HIGH | | 7.6 | 2026-06-04 | Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sanitize newline characters in TXT record content… |
| CVE-2026-41207 | MEDIUM | Patched | 5.3 | 2026-06-04 | The netty incubator codec.bhttp is a Java language binary HTTP parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with zer… |
| CVE-2026-41178 | MEDIUM | | 5.3 | 2026-06-04 | OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes `Parse` to process arbitrarily large/inval… |