CVEs (6,811, showing first 500)
Showing 476–500 of 6,811 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-50751 | CRITICAL | | 9.3 | 2026-06-08 | A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user au… |
| CVE-2026-45779 | NONE | Patched | — | 2026-06-05 | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthe… |
| CVE-2026-45777 | NONE | Patched | — | 2026-06-05 | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary s… |
| CVE-2026-46496 | NONE | | — | 2026-06-05 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sa… |
| CVE-2026-46395 | NONE | | — | 2026-06-05 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the `hmacBase64()` function in the HAXcms Node.js backend contains two critica… |
| CVE-2026-46396 | NONE | | — | 2026-06-05 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sa… |
| CVE-2026-42849 | CRITICAL | Patched | 9.3 | 2026-06-02 | authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) in order to m… |
| CVE-2026-42684 | CRITICAL | | 9.3 | 2026-06-02 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP… |
| CVE-2026-34906 | NONE | | — | 2026-06-02 | Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and par… |
| CVE-2026-42672 | CRITICAL | | 9.3 | 2026-06-01 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This is… |
| CVE-2026-45668 | NONE | Patched | — | 2026-05-29 | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive import… |
| CVE-2026-45043 | NONE | Patched | — | 2026-05-29 | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with I… |
| CVE-2026-9037 | NONE | | — | 2026-05-28 | A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface.… |
| CVE-2026-45261 | NONE | Patched | — | 2026-05-28 | GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a remote code execution vulnerability exists in the Tauri-based GitButle… |
| CVE-2026-44672 | NONE | Patched | — | 2026-05-28 | mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can exec… |
| CVE-2026-8980 | NONE | | — | 2026-05-28 | The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin (o… |
| CVE-2026-8979 | NONE | | — | 2026-05-28 | The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user ac… |
| CVE-2026-44590 | CRITICAL | Patched | 9.3 | 2026-05-27 | Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validate_modified_targets.yml is vulnerable to co… |
| CVE-2026-35090 | NONE | Patched | — | 2026-05-27 | In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific call… |
| CVE-2026-35087 | NONE | Patched | — | 2026-05-27 | Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate comm… |
| CVE-2026-42761 | CRITICAL | | 9.3 | 2026-05-27 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tabl… |
| CVE-2026-42747 | CRITICAL | | 9.3 | 2026-05-27 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL In… |
| CVE-2026-42755 | CRITICAL | | 9.3 | 2026-05-27 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection. T… |
| CVE-2026-42740 | CRITICAL | | 9.3 | 2026-05-27 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection. This issue affec… |
| CVE-2026-42727 | CRITICAL | | 9.3 | 2026-05-27 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tabl… |