CVEs (6,811, showing first 500)
Showing 451–475 of 6,811 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-43901 | MEDIUM | Patched | 6.8 | 2026-05-11 | Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mc… |
| CVE-2026-43911 | MEDIUM | Patched | 6.8 | 2026-05-11 | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's security_stamp is rotated by some security… |
| CVE-2026-43912 | HIGH | Patched | 8.7 | 2026-05-11 | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_users.users_organizations_uuid entry belongs to th… |
| CVE-2026-43913 | HIGH | Patched | 8.1 | 2026-05-11 | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. … |
| CVE-2026-43914 | HIGH | Patched | 7.3 | 2026-05-11 | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force … |
| CVE-2026-8345 | MEDIUM | | 6.3 | 2026-05-11 | A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward… |
| CVE-2026-8346 | MEDIUM | | 6.3 | 2026-05-12 | A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results i… |
| CVE-2026-8349 | MEDIUM | | 4.3 | 2026-05-12 | A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to m… |
| CVE-2026-45321 | CRITICAL | | 9.6 | 2026-05-12 | On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authen… |
| CVE-2026-45362 | LOW | Patched | 3.2 | 2026-05-12 | Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file. |
| CVE-2026-45391 | HIGH | | 7.8 | 2026-05-12 | A command injection vulnerability in Cribl Edge for Linux versions 3.2.0 through 4.17.0 allows a local unprivileged user to execute arbitrary commands in the context of the… |
| CVE-2026-45392 | HIGH | Patched | 8.7 | 2026-05-12 | DOM-based cross-site scripting (XSS) in Cribl Stream before 4.17.1 allows a remote attacker to execute arbitrary JavaScript in the browser of an authenticated user who is t… |
| CVE-2026-45393 | HIGH | Patched | 7.8 | 2026-05-12 | A vulnerability chain in Cribl Edge for Windows before 4.17.1 allows a local authenticated user to escalate privileges to NT AUTHORITY\SYSTEM. Incorrect default permissions… |
| CVE-2026-0502 | MEDIUM | | 5.4 | 2026-05-12 | Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform, an authenticated user could be tricked by an attacker to send unintended requests… |
| CVE-2026-27682 | MEDIUM | | 4.7 | 2026-05-12 | Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attac… |
| CVE-2026-34258 | MEDIUM | | 4.7 | 2026-05-12 | SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may misle… |
| CVE-2026-34259 | HIGH | | 8.2 | 2026-05-12 | Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabl… |
| CVE-2026-34260 | CRITICAL | | 9.6 | 2026-05-12 | SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-co… |
| CVE-2026-34263 | CRITICAL | | 9.6 | 2026-05-12 | Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side co… |
| CVE-2026-40129 | MEDIUM | | 4.3 | 2026-05-12 | Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to t… |
| CVE-2026-40131 | LOW | | 3.4 | 2026-05-12 | SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared st… |
| CVE-2026-40132 | MEDIUM | | 5.4 | 2026-05-12 | Due to missing authorization check in SAP Strategic Enterprise Management (Scorecard Wizard in Business Server Pages), an authenticated attacker could access information th… |
| CVE-2026-40133 | MEDIUM | | 6.3 | 2026-05-12 | Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records… |
| CVE-2026-40134 | MEDIUM | | 4.3 | 2026-05-12 | Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to pe… |
| CVE-2026-40135 | MEDIUM | | 6.5 | 2026-05-12 | An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative ac… |