CVEs (6,811, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 476–500 of 6,811 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-40136 | MEDIUM | | 4.3 | 2026-05-12 | SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application… |
| CVE-2026-40137 | MEDIUM | | 6.1 | 2026-05-12 | SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirects them to attacker-cont… |
| CVE-2026-45430 | HIGH | Patched | 7.1 | 2026-05-12 | The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks. |
| CVE-2026-7255 | MEDIUM | | 6.5 | 2026-05-12 | ** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware vers… |
| CVE-2026-7256 | HIGH | | 8.8 | 2026-05-12 | ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker o… |
| CVE-2026-7257 | MEDIUM | | 4.4 | 2026-05-12 | ** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 co… |
| CVE-2026-7287 | HIGH | | 7.5 | 2026-05-12 | ** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the “we… |
| CVE-2026-41530 | LOW | | 3.3 | 2026-05-12 | The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the a… |
| CVE-2026-41872 | HIGH | | 7.4 | 2026-05-12 | "Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the co… |
| CVE-2026-0541 | MEDIUM | Patched | 6.7 | 2026-05-12 | ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerabi… |
| CVE-2026-0802 | MEDIUM | Patched | 6.0 | 2026-05-12 | An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only… |
| CVE-2026-0804 | MEDIUM | Patched | 6.7 | 2026-05-12 | An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can o… |
| CVE-2026-1185 | MEDIUM | Patched | 5.4 | 2026-05-12 | A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerabilit… |
| CVE-2026-1681 | MEDIUM | | 6.1 | 2026-05-12 | Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work… |
| CVE-2026-35227 | NONE | | — | 2026-05-12 | An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successful… |
| CVE-2026-2300 | MEDIUM | | 6.4 | 2026-05-12 | The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `filter_images()` function in all versions up to, and including, 1.0.9. This is d… |
| CVE-2026-2993 | HIGH | | 7.5 | 2026-05-12 | The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on us… |
| CVE-2026-39432 | HIGH | | 8.2 | 2026-05-12 | Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a th… |
| CVE-2026-3604 | MEDIUM | | 4.9 | 2026-05-12 | The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `_kcseo_ative_tab` parameter in all versions up to, and includin… |
| CVE-2026-4301 | MEDIUM | | 4.3 | 2026-05-12 | The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwr… |
| CVE-2026-4663 | NONE | | — | 2026-05-12 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39608. Reason: This candidate is a reservation duplicate of CVE-2026-39608. Notes: All … |
| CVE-2026-4859 | MEDIUM | | 6.4 | 2026-05-12 | The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the `wpsbd_post_carousel` shortcode in all versions up … |
| CVE-2026-4920 | MEDIUM | | 6.4 | 2026-05-12 | The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insuf… |
| CVE-2026-5028 | MEDIUM | | 6.5 | 2026-05-12 | The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the `pp-get-articles` AJAX action in all… |
| CVE-2026-5340 | MEDIUM | | 6.4 | 2026-05-12 | The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `fancy-img-show` shortcode in all versions up to, and including, 9.1… |