Search
6,905 CVEs
CVEs (6,905, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 451–475 of 6,905 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-42873 | NONE | Patched | 0.0 | 2026-05-11 | WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependente_upload… |
| CVE-2025-63750 | NONE | — | 2026-05-11 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2026-21709. Reason: This record is a duplicate of CVE-2026-21709. Notes: All CVE users should reference CVE-202… | |
| CVE-2026-0238 | NONE | — | 2026-05-13 | A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields. | |
| CVE-2026-10729 | NONE | — | 2026-06-03 | An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling In… | |
| CVE-2026-7860 | NONE | Patched | — | 2026-05-19 | A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs … |
| CVE-2026-10719 | NONE | — | 2026-06-02 | Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 extra byte outside of alloca… | |
| CVE-2026-10717 | NONE | — | 2026-06-02 | Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of… | |
| CVE-2025-71310 | NONE | — | 2026-05-26 | The GDPR cookies module for Backdrop CMS (before 1.x-1.3.5) doesn't sufficiently protect visitors from Cross Site Scripting (XSS) if a malicious value has been provided f… | |
| CVE-2025-14575 | NONE | — | 2026-05-19 | An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA cer… | |
| CVE-2024-21950 | NONE | — | 2026-05-15 | An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulti… | |
| CVE-2026-0428 | NONE | — | 2026-05-15 | Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to write invalid data to a remo… | |
| CVE-2025-66660 | NONE | — | 2026-05-15 | Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory map… | |
| CVE-2021-26380 | NONE | — | 2026-05-15 | A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity. | |
| CVE-2022-23826 | NONE | — | 2026-05-15 | A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss… | |
| CVE-2026-30904 | LOW | Patched | 1.8 | 2026-05-13 | Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access. |
| CVE-2026-4387 | NONE | Patched | — | 2026-05-29 | StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key … |
| CVE-2026-47713 | LOW | Patched | 2.0 | 2026-05-28 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, an approved mobile device token… |
| CVE-2026-45403 | LOW | Patched | 2.0 | 2026-05-28 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesyste… |
| CVE-2025-52532 | NONE | — | 2026-05-15 | A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler co… | |
| CVE-2026-47344 | NONE | — | 2026-06-08 | When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sanitizer but accepted by browsers as valid end tags, … | |
| CVE-2026-49756 | NONE | Patched | — | 2026-06-08 | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Re… |
| CVE-2026-45287 | NONE | — | 2026-06-04 | OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks… | |
| CVE-2026-48596 | NONE | Patched | — | 2026-06-02 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Mul… |
| CVE-2026-48598 | NONE | Patched | — | 2026-06-02 | Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesl… |
| CVE-2026-48861 | NONE | Patched | — | 2026-06-02 | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/… |