Search
6,811 CVEs
CVEs (6,811, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 26–50 of 6,811 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-6104 | CRITICAL | Patched | 9.1 | 2026-05-10 | In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring fun… |
| CVE-2026-7263 | HIGH | Patched | 7.5 | 2026-05-10 | In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structur… |
| CVE-2026-8231 | MEDIUM | 6.3 | 2026-05-10 | A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argu… | |
| CVE-2026-8232 | LOW | 3.5 | 2026-05-10 | A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib_worker_loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the co… | |
| CVE-2026-8233 | MEDIUM | 4.6 | 2026-05-10 | A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access con… | |
| CVE-2026-45186 | LOW | Patched | 2.9 | 2026-05-10 | In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. |
| CVE-2026-8234 | HIGH | 8.8 | 2026-05-10 | A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The mani… | |
| CVE-2026-8235 | MEDIUM | 5.5 | 2026-05-10 | A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Comma… | |
| CVE-2026-8241 | MEDIUM | 5.3 | 2026-05-10 | A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Inter… | |
| CVE-2026-8242 | LOW | 3.7 | 2026-05-10 | A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Perfor… | |
| CVE-2026-8243 | MEDIUM | 5.3 | 2026-05-10 | A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing… | |
| CVE-2026-8244 | MEDIUM | 5.3 | 2026-05-10 | A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulati… | |
| CVE-2021-47907 | MEDIUM | 6.4 | 2026-05-10 | Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through… | |
| CVE-2021-47910 | MEDIUM | 6.4 | 2026-05-10 | AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript p… | |
| CVE-2021-47922 | MEDIUM | 6.4 | 2026-05-10 | Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. … | |
| CVE-2021-47923 | CRITICAL | 9.8 | 2026-05-10 | OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers c… | |
| CVE-2021-47924 | MEDIUM | 6.4 | 2026-05-10 | Ultimate Product Catalogue 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price para… | |
| CVE-2021-47925 | MEDIUM | 6.4 | 2026-05-10 | CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in … | |
| CVE-2021-47926 | MEDIUM | 6.4 | 2026-05-10 | Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with scr… | |
| CVE-2021-47927 | MEDIUM | 6.4 | 2026-05-10 | WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting… | |
| CVE-2021-47928 | HIGH | 8.2 | 2026-05-10 | Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code thro… | |
| CVE-2021-47929 | MEDIUM | 6.4 | 2026-05-10 | Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payload… | |
| CVE-2021-47930 | HIGH | 8.2 | 2026-05-10 | Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary … | |
| CVE-2021-47931 | MEDIUM | 6.4 | 2026-05-10 | Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block param… | |
| CVE-2021-47932 | CRITICAL | 9.8 | 2026-05-10 | WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted r… |