Search
1,463 CVEs
CVEs (1,463, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 451–475 of 1,463 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-41722 | HIGH | 8.0 | 2026-06-08 | VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets… | |
| CVE-2026-41723 | HIGH | 8.0 | 2026-06-08 | VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets… | |
| CVE-2026-41724 | HIGH | 8.0 | 2026-06-08 | VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets… | |
| CVE-2026-11400 | HIGH | Patched | 8.0 | 2026-06-05 | An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege act… |
| CVE-2026-11401 | HIGH | Patched | 8.0 | 2026-06-05 | An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor… |
| CVE-2026-45745 | HIGH | 8.0 | 2026-06-05 | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop (Electron) disables … | |
| CVE-2026-11241 | HIGH | Patched | 8.0 | 2026-06-05 | Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform privilege escalation … |
| CVE-2025-14773 | HIGH | 8.0 | 2026-06-03 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | |
| CVE-2026-35482 | HIGH | 8.0 | 2026-06-02 | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the… | |
| CVE-2026-33245 | HIGH | Patched | 8.0 | 2026-06-02 | React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-sid… |
| CVE-2026-50264 | HIGH | 7.8 | 2026-06-05 | An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attach… | |
| CVE-2026-50258 | HIGH | Patched | 7.8 | 2026-06-05 | A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckK… |
| CVE-2026-50259 | HIGH | Patched | 7.8 | 2026-06-05 | A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type in… |
| CVE-2026-50260 | HIGH | 7.8 | 2026-06-05 | A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a … | |
| CVE-2026-50261 | HIGH | 7.8 | 2026-06-05 | A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when des… | |
| CVE-2026-50256 | HIGH | Patched | 7.8 | 2026-06-05 | A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can ca… |
| CVE-2026-50257 | HIGH | Patched | 7.8 | 2026-06-05 | A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free funct… |
| CVE-2026-21029 | HIGH | 7.8 | 2026-06-05 | Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations. | |
| CVE-2026-21030 | HIGH | 7.8 | 2026-06-05 | Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions. | |
| CVE-2026-21031 | HIGH | 7.8 | 2026-06-05 | Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vuln… | |
| CVE-2026-11332 | HIGH | 7.8 | 2026-06-05 | A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neut… | |
| CVE-2026-20245 | HIGH | Patched | 7.8 | 2026-06-04 | A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by … |
| CVE-2026-11103 | HIGH | Patched | 7.8 | 2026-06-04 | Inappropriate implementation in Installer in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicio… |
| CVE-2026-11072 | HIGH | Patched | 7.8 | 2026-06-04 | Use after free in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security sev… |
| CVE-2026-10942 | HIGH | Patched | 7.8 | 2026-06-04 | Inappropriate implementation in UI in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a malicious file. (Chromi… |