Search
1,557 CVEs
CVEs (1,557, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 451–475 of 1,557 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-45680 | MEDIUM | Patched | 5.9 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram obse… |
| CVE-2026-45681 | MEDIUM | Patched | 5.9 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses … |
| CVE-2026-28116 | MEDIUM | 5.9 | 2026-06-02 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affect… | |
| CVE-2026-25620 | MEDIUM | 6.0 | 2026-06-05 | An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall … | |
| CVE-2026-25621 | MEDIUM | 6.0 | 2026-06-05 | A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This i… | |
| CVE-2026-25622 | MEDIUM | Patched | 6.0 | 2026-06-05 | A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an … |
| CVE-2026-25623 | MEDIUM | Patched | 6.0 | 2026-06-05 | An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Aut… |
| CVE-2026-11326 | NONE | Patched | — | 2026-06-05 | OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be … |
| CVE-2026-4881 | NONE | — | 2026-06-04 | In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain A… | |
| CVE-2026-44746 | MEDIUM | 6.1 | 2026-06-09 | Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA (JDBC Test Servlet), an unauthenticated attacker could craft a URL that embeds a malicious… | |
| CVE-2026-40215 | NONE | — | 2026-06-08 | A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-afte… | |
| CVE-2026-29170 | MEDIUM | Patched | 6.1 | 2026-06-08 | A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents e… |
| CVE-2026-9280 | MEDIUM | 6.1 | 2026-06-06 | The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and… | |
| CVE-2026-50230 | MEDIUM | 6.1 | 2026-06-05 | Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML… | |
| CVE-2026-50235 | MEDIUM | 6.1 | 2026-06-05 | Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying … | |
| CVE-2026-21825 | MEDIUM | 6.1 | 2026-06-05 | HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in … | |
| CVE-2026-21826 | MEDIUM | 6.1 | 2026-06-05 | HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the applicati… | |
| CVE-2026-11273 | MEDIUM | Patched | 6.1 | 2026-06-05 | Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestur… |
| CVE-2026-11229 | MEDIUM | 6.1 | 2026-06-04 | Inappropriate implementation in Enterprise in Google Chrome prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via physical access to the devic… | |
| CVE-2026-11205 | MEDIUM | Patched | 6.1 | 2026-06-04 | Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in spec… |
| CVE-2026-11186 | MEDIUM | Patched | 6.1 | 2026-06-04 | Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (C… |
| CVE-2026-11150 | MEDIUM | Patched | 6.1 | 2026-06-04 | Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (C… |
| CVE-2026-11122 | MEDIUM | Patched | 6.1 | 2026-06-04 | Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML pag… |
| CVE-2026-11034 | MEDIUM | Patched | 6.1 | 2026-06-04 | Insufficient validation of untrusted input in Tab Group Sync in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTM… |
| CVE-2026-10916 | MEDIUM | Patched | 6.1 | 2026-06-04 | Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to inject … |