CVEs (6,811, showing first 500)
Showing 451–475 of 6,811 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-41448 | CRITICAL | | 9.4 | 2026-06-08 | AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supply… |
| CVE-2026-46442 | NONE | Patched | — | 2026-06-08 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authori… |
| CVE-2026-11429 | NONE | Patched | — | 2026-06-05 | A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-mani… |
| CVE-2026-11423 | NONE | | — | 2026-06-05 | A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation f… |
| CVE-2026-11419 | NONE | | — | 2026-06-05 | A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image… |
| CVE-2026-46399 | NONE | | — | 2026-06-05 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. A… |
| CVE-2026-50208 | CRITICAL | Patched | 9.4 | 2026-06-04 | High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could… |
| CVE-2026-8931 | NONE | | — | 2026-06-01 | A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3. |
| CVE-2026-45058 | NONE | | — | 2026-05-28 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bo… |
| CVE-2026-32998 | NONE | | — | 2026-05-28 | This vulnerability in Veeam Service Provider Console allows for remote code execution. |
| CVE-2026-9739 | NONE | | — | 2026-05-27 | Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase, we implemented `allowed-origins` and `allowed-hosts` flags to align with MCP… |
| CVE-2026-44326 | CRITICAL | Patched | 9.4 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token aut… |
| CVE-2026-44315 | CRITICAL | Patched | 9.4 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token author… |
| CVE-2026-49103 | NONE | Patched | — | 2026-05-27 | Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi. |
| CVE-2026-9129 | NONE | | — | 2026-05-20 | A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deploym… |
| CVE-2026-9102 | NONE | | — | 2026-05-20 | A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authe… |
| CVE-2026-39405 | NONE | Patched | — | 2026-05-20 | Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could u… |
| CVE-2026-41948 | CRITICAL | Patched | 9.4 | 2026-05-18 | Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST A… |
| CVE-2026-44592 | CRITICAL | Patched | 9.4 | 2026-05-14 | Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT_DISCOVERABLE=true (the default, and the NixOS module default), anyone who can reach /proto ca… |
| CVE-2026-44670 | NONE | Patched | — | 2026-05-14 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View (AV / database) names without any HTML escape, then a render… |
| CVE-2026-44588 | NONE | Patched | — | 2026-05-14 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute a… |
| CVE-2026-42596 | CRITICAL | Patched | 9.4 | 2026-05-14 | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassab… |
| CVE-2026-44262 | CRITICAL | Patched | 9.4 | 2026-05-12 | Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference… |
| CVE-2026-42882 | CRITICAL | Patched | 9.4 | 2026-05-11 | oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the … |
| CVE-2026-42613 | CRITICAL | Patched | 9.4 | 2026-05-11 | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register() method in the Login plugin accepts attacker-controlled groups and access fields from the reg… |