153,526 CVEs · Medium severity
Showing 476–500 of 153,526 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-10702 | MEDIUM | Patched | 4.3 | 2026-06-02 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3. |
| CVE-2026-10616 | MEDIUM | | 4.3 | 2026-06-02 | A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/team_t… |
| CVE-2026-10584 | MEDIUM | Patched | 5.9 | 2026-06-02 | Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information vi… |
| CVE-2021-4479 | MEDIUM | | 4.0 | 2026-06-02 | Dräger Atlan A350 software versions 1.00 through 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specif… |
| CVE-2019-25724 | MEDIUM | | 6.5 | 2026-06-02 | Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier contain a network-based denial of service vulnerability that allows attackers with access… |
| CVE-2019-25723 | MEDIUM | | 4.0 | 2026-06-02 | Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sen… |
| CVE-2019-25721 | MEDIUM | | 6.5 | 2026-06-02 | Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent at… |
| CVE-2026-49943 | MEDIUM | | 6.3 | 2026-06-02 | CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a-path.c. The as_path_matc… |
| CVE-2026-42073 | MEDIUM | Patched | 6.5 | 2026-06-02 | OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts … |
| CVE-2026-40713 | MEDIUM | Patched | 6.1 | 2026-06-02 | Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentiall… |
| CVE-2026-33244 | MEDIUM | Patched | 5.4 | 2026-06-02 | React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP `Location` h… |
| CVE-2026-1871 | MEDIUM | | 6.5 | 2026-06-02 | TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can… |
| CVE-2026-9590 | MEDIUM | Patched | 5.3 | 2026-06-02 | Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify… |
| CVE-2026-9522 | MEDIUM | Patched | 5.4 | 2026-06-02 | Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to d… |
| CVE-2026-7299 | MEDIUM | Patched | 6.3 | 2026-06-02 | Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to … |
| CVE-2026-45684 | MEDIUM | Patched | 4.9 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishand… |
| CVE-2026-45682 | MEDIUM | Patched | 5.1 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced … |
| CVE-2026-45681 | MEDIUM | Patched | 5.9 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses … |
| CVE-2026-45680 | MEDIUM | Patched | 5.9 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram obse… |
| CVE-2026-45679 | MEDIUM | Patched | 6.5 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span s… |
| CVE-2026-45676 | MEDIUM | Patched | 5.5 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section of… |
| CVE-2026-45554 | MEDIUM | Patched | 5.3 | 2026-06-02 | NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may r… |
| CVE-2026-38978 | MEDIUM | | 5.3 | 2026-06-02 | transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths. |
| CVE-2026-35718 | MEDIUM | Patched | 6.5 | 2026-06-02 | A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the de… |
| CVE-2026-35716 | MEDIUM | | 6.3 | 2026-06-02 | A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code … |