CVEs (1,557, showing first 500)
Showing 476–500 of 1,557 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-10861 | MEDIUM | Patched | 6.1 | 2026-06-04 | An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session key was used as the post-l… |
| CVE-2026-10856 | MEDIUM | Patched | 6.1 | 2026-06-04 | A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an ex… |
| CVE-2026-8916 | MEDIUM | | 6.1 | 2026-06-04 | Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635. |
| CVE-2026-47318 | MEDIUM | | 6.1 | 2026-06-04 | Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035. |
| CVE-2026-47319 | MEDIUM | Patched | 6.1 | 2026-06-04 | Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation. This issue affects rlottie: before 0b4e308fa88c72cbb6… |
| CVE-2026-47320 | MEDIUM | | 6.1 | 2026-06-04 | Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This … |
| CVE-2026-49510 | MEDIUM | | 6.1 | 2026-06-04 | Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f. |
| CVE-2026-47306 | MEDIUM | | 6.1 | 2026-06-04 | Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b… |
| CVE-2026-10305 | MEDIUM | Patched | 6.1 | 2026-06-04 | Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd. |
| CVE-2026-20233 | MEDIUM | | 6.1 | 2026-06-03 | A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attac… |
| CVE-2026-20175 | MEDIUM | | 6.1 | 2026-06-03 | A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected de… |
| CVE-2026-6657 | MEDIUM | | 6.1 | 2026-06-03 | A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the `allow_origin_pat` configuration is used. The … |
| CVE-2026-35212 | MEDIUM | Patched | 6.1 | 2026-06-02 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of … |
| CVE-2026-41569 | MEDIUM | Patched | 6.1 | 2026-06-02 | authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix … |
| CVE-2026-40181 | MEDIUM | Patched | 6.1 | 2026-06-02 | React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to … |
| CVE-2026-30586 | MEDIUM | | 6.1 | 2026-06-02 | Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZE_SCHEMA, Memo Rendering Component, an… |
| CVE-2026-33553 | MEDIUM | Patched | 6.1 | 2026-06-02 | Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS. |
| CVE-2026-40713 | MEDIUM | Patched | 6.1 | 2026-06-02 | Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentiall… |
| CVE-2026-1450 | MEDIUM | | 6.1 | 2026-06-02 | The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, 0.6.2 due to insufficient input … |
| CVE-2026-1451 | MEDIUM | | 6.1 | 2026-06-02 | The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' parameter in versions up to, and including, 0.6.2 due to insufficient input san… |
| CVE-2026-2425 | MEDIUM | | 6.1 | 2026-06-02 | The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'new_domain' parameter in all versions up to, and including, 2.0.0.1… |
| CVE-2026-10510 | MEDIUM | | 6.1 | 2026-06-02 | Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows re… |
| CVE-2022-50953 | MEDIUM | | 6.2 | 2026-06-08 | WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte … |
| CVE-2026-11619 | MEDIUM | | 6.3 | 2026-06-09 | A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.in… |
| CVE-2026-11585 | MEDIUM | | 6.3 | 2026-06-08 | A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php.… |