23,984 CVEs · Medium severity
CVEs (23,984, showing first 500)
Showing 451–475 of 23,984 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-5078 | MEDIUM | Patched | 5.3 | 2026-06-03 | Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without ne… |
| CVE-2026-10703 | MEDIUM | | 6.3 | 2026-06-03 | A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c … |
| CVE-2026-10693 | MEDIUM | | 6.3 | 2026-06-03 | A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component… |
| CVE-2026-9732 | MEDIUM | | 4.3 | 2026-06-03 | The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This … |
| CVE-2026-7421 | MEDIUM | | 4.4 | 2026-06-03 | The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the `get_shop_url()` metho… |
| CVE-2026-10692 | MEDIUM | | 4.3 | 2026-06-03 | A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_code_advanced. Executing … |
| CVE-2026-10691 | MEDIUM | | 4.3 | 2026-06-03 | A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component st… |
| CVE-2026-10690 | MEDIUM | | 6.3 | 2026-06-03 | A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component re… |
| CVE-2026-44653 | MEDIUM | Patched | 6.5 | 2026-06-02 | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP server can retrie… |
| CVE-2026-42507 | MEDIUM | | 5.3 | 2026-06-02 | When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to err… |
| CVE-2026-41412 | MEDIUM | | 4.9 | 2026-06-02 | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects … |
| CVE-2026-27145 | MEDIUM | | 6.5 | 2026-06-02 | (*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to e… |
| CVE-2026-25861 | MEDIUM | Patched | 5.9 | 2026-06-02 | QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the… |
| CVE-2026-10688 | MEDIUM | | 5.5 | 2026-06-02 | A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute_blender_code of the file… |
| CVE-2026-10662 | MEDIUM | | 6.3 | 2026-06-02 | A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blender_… |
| CVE-2026-35212 | MEDIUM | Patched | 6.1 | 2026-06-02 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of … |
| CVE-2026-10661 | MEDIUM | | 4.3 | 2026-06-02 | A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blender_mcp/server.py. … |
| CVE-2026-10650 | MEDIUM | | 5.3 | 2026-06-02 | A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lws_ssh_parse_plaintext of the file plugins/protocol_lws_ssh_base/sshd.c of the … |
| CVE-2025-15653 | MEDIUM | | 6.8 | 2026-06-02 | Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical … |
| CVE-2026-49144 | MEDIUM | | 6.5 | 2026-06-02 | BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the _default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attacke… |
| CVE-2026-45289 | MEDIUM | Patched | 5.3 | 2026-06-02 | CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing vali… |
| CVE-2026-41569 | MEDIUM | Patched | 6.1 | 2026-06-02 | authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix … |
| CVE-2026-10624 | MEDIUM | | 4.3 | 2026-06-02 | A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of th… |
| CVE-2026-5074 | MEDIUM | | 6.5 | 2026-06-02 | The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0' parameter of the `get_private_content_data` AJAX action in all versions up to,… |
| CVE-2026-48682 | MEDIUM | | 5.9 | 2026-06-02 | FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet co… |