CVEs (1,463, showing first 500)
Showing 476–500 of 1,463 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-41115 | MEDIUM | Patched | 4.3 | 2026-06-02 | An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates the DESCRIBE operation on… |
| CVE-2026-41065 | NONE | | — | 2026-06-04 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via the newsletter custom te… |
| CVE-2026-4104 | CRITICAL | | 9.8 | 2026-06-04 | Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This… |
| CVE-2026-41032 | HIGH | | 7.5 | 2026-06-03 | It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information. |
| CVE-2026-41011 | HIGH | Patched | 8.2 | 2026-06-04 | PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = File.join(release_dir, 'packages', "#{name}.tgz") and name = package_meta['name'] comes directly from… |
| CVE-2026-41010 | HIGH | Patched | 8.2 | 2026-06-04 | ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where name returns @job_meta['name'], … |
| CVE-2026-40930 | MEDIUM | | 5.4 | 2026-06-04 | LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inter-frame chunk discard pat… |
| CVE-2026-40898 | MEDIUM | Patched | 5.3 | 2026-06-04 | quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server im… |
| CVE-2026-4081 | MEDIUM | | 6.4 | 2026-06-02 | The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [zemstl] shortcode in all versions up to and including 1.0. This is due to insufficien… |
| CVE-2026-4080 | MEDIUM | | 6.4 | 2026-06-02 | The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_to_cart' shortcode in all versions up to and including 1.8. This is due to insu… |
| CVE-2026-40780 | HIGH | Patched | 7.5 | 2026-06-02 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: f… |
| CVE-2026-40715 | HIGH | Patched | 7.8 | 2026-06-02 | Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exp… |
| CVE-2026-40713 | MEDIUM | Patched | 6.1 | 2026-06-02 | Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentiall… |
| CVE-2026-4071 | MEDIUM | | 4.3 | 2026-06-02 | The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the bi… |
| CVE-2026-40619 | HIGH | | 7.8 | 2026-06-02 | A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main serve… |
| CVE-2026-40605 | NONE | | — | 2026-06-04 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows… |
| CVE-2026-40571 | NONE | | — | 2026-06-02 | NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does … |
| CVE-2026-40519 | HIGH | Patched | 7.5 | 2026-06-08 | Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the se… |
| CVE-2026-40495 | NONE | | — | 2026-06-03 | FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML… |
| CVE-2026-4035 | HIGH | Patched | 7.7 | 2026-06-03 | A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sen… |
| CVE-2026-40314 | NONE | | — | 2026-06-02 | NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does n… |
| CVE-2026-40290 | HIGH | Patched | 7.8 | 2026-06-03 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Starting i… |
| CVE-2026-40215 | NONE | | — | 2026-06-08 | A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-afte… |
| CVE-2026-40181 | MEDIUM | Patched | 6.1 | 2026-06-02 | React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to … |
| CVE-2026-40108 | NONE | Patched | — | 2026-06-02 | GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed… |