153,531 CVEs · Medium severity
CVEs (153,531, showing first 500)
Showing 26–50 of 153,531 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-9831 | MEDIUM | | 6.3 | 2026-05-29 | A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow … |
| CVE-2026-9829 | MEDIUM | | 6.5 | 2026-06-06 | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compact_album_order_by' Shortcode Parameter i… |
| CVE-2026-9811 | MEDIUM | | 5.4 | 2026-05-29 | A stored Cross-Site Scripting (XSS) vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system … |
| CVE-2026-9807 | MEDIUM | Patched | 4.3 | 2026-05-28 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions c… |
| CVE-2026-9803 | MEDIUM | | 5.3 | 2026-05-28 | A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST reques… |
| CVE-2026-9802 | MEDIUM | | 6.8 | 2026-05-28 | A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This … |
| CVE-2026-9801 | MEDIUM | | 4.9 | 2026-05-28 | A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) ser… |
| CVE-2026-9798 | MEDIUM | | 4.3 | 2026-05-28 | A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an at… |
| CVE-2026-9796 | MEDIUM | | 6.5 | 2026-05-28 | A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can exploit a Time-of-check to time-of-use (TOCTOU) vulnerability in the name-ba… |
| CVE-2026-9794 | MEDIUM | | 5.3 | 2026-05-28 | A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Asserti… |
| CVE-2026-9793 | MEDIUM | | 5.9 | 2026-05-28 | A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted cont… |
| CVE-2026-9792 | MEDIUM | | 6.5 | 2026-05-28 | A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When certain condition providers (client-type, client-roles,… |
| CVE-2026-9791 | MEDIUM | | 4.3 | 2026-05-28 | A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by… |
| CVE-2026-9759 | MEDIUM | Patched | 5.5 | 2026-05-27 | ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service |
| CVE-2026-9732 | MEDIUM | | 4.3 | 2026-06-03 | The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This … |
| CVE-2026-9730 | MEDIUM | | 4.3 | 2026-06-02 | The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or inco… |
| CVE-2026-9723 | MEDIUM | | 4.3 | 2026-06-02 | The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect… |
| CVE-2026-9722 | MEDIUM | | 4.3 | 2026-06-02 | The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce valid… |
| CVE-2026-9719 | MEDIUM | | 4.3 | 2026-06-06 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5… |
| CVE-2026-9714 | MEDIUM | | 6.4 | 2026-05-29 | The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the [showmodule] shortcode in versions up to, and incl… |
| CVE-2026-9704 | MEDIUM | | 6.8 | 2026-05-27 | A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the Tok… |
| CVE-2026-9689 | MEDIUM | | 4.2 | 2026-05-27 | A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Iden… |
| CVE-2026-9674 | MEDIUM | Patched | 4.3 | 2026-05-27 | A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6b_b_d and earlier allows attackers to resume failed Multijob builds. |
| CVE-2026-9673 | MEDIUM | Patched | 6.8 | 2026-05-28 | Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can i… |
| CVE-2026-9646 | MEDIUM | | 6.1 | 2026-05-28 | A reflected cross-site scripting issue exists in URL handling. |