CVEs (1,463, showing first 500)
Showing 476–500 of 1,463 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-10808 | MEDIUM | | 6.3 | 2026-06-04 | A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown function of the file /manage_student.php. The manipulation of the argumen… |
| CVE-2026-10809 | MEDIUM | | 6.3 | 2026-06-04 | A security flaw has been discovered in itsourcecode Fees Management System 1.0. This impacts an unknown function of the file /manage_user.php. The manipulation of the argum… |
| CVE-2026-10810 | MEDIUM | | 4.3 | 2026-06-04 | A weakness has been identified in itsourcecode Fees Management System up to 1.0. Affected is an unknown function of the file /navbar.php. This manipulation of the argument … |
| CVE-2026-10854 | MEDIUM | Patched | 4.3 | 2026-06-04 | A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event templ… |
| CVE-2026-10855 | MEDIUM | Patched | 4.3 | 2026-06-04 | An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a … |
| CVE-2026-10856 | MEDIUM | Patched | 6.1 | 2026-06-04 | A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an ex… |
| CVE-2026-10861 | MEDIUM | Patched | 6.1 | 2026-06-04 | An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session key was used as the post-l… |
| CVE-2026-40605 | NONE | | — | 2026-06-04 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows… |
| CVE-2026-43926 | NONE | | — | 2026-06-04 | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint `/client/reset-password-confirm/:h… |
| CVE-2026-45433 | NONE | | — | 2026-06-04 | This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vuln… |
| CVE-2026-8037 | CRITICAL | | 9.6 | 2026-06-04 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster… |
| CVE-2026-8762 | NONE | | — | 2026-06-04 | Rejected reason: After analysis, the originally reported behaviour was determined not to constitute a security vulnerability. The findings were parser-strictness defects wi… |
| CVE-2026-10811 | MEDIUM | | 6.3 | 2026-06-04 | A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. … |
| CVE-2026-10812 | LOW | | 3.6 | 2026-06-04 | A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the co… |
| CVE-2026-10860 | MEDIUM | Patched | 6.5 | 2026-06-04 | A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to missing parentheses in … |
| CVE-2026-10863 | HIGH | Patched | 8.1 | 2026-06-04 | A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This al… |
| CVE-2026-10864 | MEDIUM | Patched | 4.3 | 2026-06-04 | A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and Ne… |
| CVE-2026-28318 | HIGH | Patched | 7.5 | 2026-06-04 | SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps a… |
| CVE-2026-35904 | CRITICAL | | 9.8 | 2026-06-04 | Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to ena… |
| CVE-2026-35905 | CRITICAL | | 9.8 | 2026-06-04 | T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account. |
| CVE-2026-35906 | CRITICAL | | 9.6 | 2026-06-04 | An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root… |
| CVE-2026-36174 | MEDIUM | | 4.6 | 2026-06-04 | GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-p… |
| CVE-2026-36175 | MEDIUM | | 6.8 | 2026-06-04 | An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence … |
| CVE-2026-36176 | HIGH | | 7.1 | 2026-06-04 | GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers t… |
| CVE-2026-36178 | MEDIUM | | 4.6 | 2026-06-04 | The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to rec… |