Search
1,463 CVEs
CVEs (1,463, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 51–75 of 1,463 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-34906 | NONE | — | 2026-06-02 | Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and par… | |
| CVE-2026-34907 | NONE | — | 2026-06-02 | Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a… | |
| CVE-2026-41115 | MEDIUM | Patched | 4.3 | 2026-06-02 | An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates the DESCRIBE operation on… |
| CVE-2026-46718 | MEDIUM | Patched | 6.5 | 2026-06-02 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.… |
| CVE-2026-5191 | MEDIUM | 5.4 | 2026-06-02 | The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and… | |
| CVE-2026-5422 | HIGH | 8.1 | 2026-06-02 | A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_serve… | |
| CVE-2025-53440 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusi… | |
| CVE-2025-58024 | HIGH | 7.5 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File I… | |
| CVE-2025-58705 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion.… | |
| CVE-2026-39550 | HIGH | 8.1 | 2026-06-02 | Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6. | |
| CVE-2026-39551 | HIGH | 8.1 | 2026-06-02 | Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1. | |
| CVE-2026-42669 | HIGH | 7.5 | 2026-06-02 | Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0. | |
| CVE-2026-42670 | HIGH | 7.5 | 2026-06-02 | Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Lev… | |
| CVE-2026-42684 | CRITICAL | 9.3 | 2026-06-02 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP… | |
| CVE-2026-42685 | HIGH | 7.1 | 2026-06-02 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job P… | |
| CVE-2026-8993 | MEDIUM | 6.5 | 2026-06-02 | D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could … | |
| CVE-2019-25717 | MEDIUM | 4.3 | 2026-06-02 | Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log file… | |
| CVE-2019-25719 | HIGH | 8.6 | 2026-06-02 | Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulne… | |
| CVE-2025-58707 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. … | |
| CVE-2025-58897 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusi… | |
| CVE-2025-68886 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusi… | |
| CVE-2025-69369 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion… | |
| CVE-2026-10611 | NONE | — | 2026-06-02 | An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true… | |
| CVE-2026-10621 | HIGH | 7.5 | 2026-06-02 | Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and ca… | |
| CVE-2026-10622 | HIGH | 8.2 | 2026-06-02 | Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/* endpoints. |