Search
1,463 CVEs
CVEs (1,463, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 76–100 of 1,463 (capped at 500)
| CVE ID | Severity ↓ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-49232 | NONE | — | 2026-06-08 | Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition ca… | |
| CVE-2026-49233 | NONE | — | 2026-06-08 | Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path travers… | |
| CVE-2026-43972 | NONE | Patched | — | 2026-06-08 | Origin Validation Error vulnerability in ninenines gun (gun_http2 module) allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority. In gun_http2:… |
| CVE-2026-43973 | NONE | Patched | — | 2026-06-08 | Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_http module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffer… |
| CVE-2026-43974 | NONE | Patched | — | 2026-06-08 | Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the client into raw protocol mode via an uns… |
| CVE-2026-7765 | NONE | — | 2026-06-08 | Incorrect authorization in the User Messages dashboard widget in Checkmk <2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather th… | |
| CVE-2026-8833 | NONE | — | 2026-06-08 | Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an authenticated … | |
| CVE-2026-47430 | NONE | Patched | — | 2026-06-08 | ## Summary The iOS implementation of `cordova-plugin-inappbrowser` passes the `id` field from a `WKScriptMessage` body to `commandDelegate sendPluginResult:callbackId:` wi… |
| CVE-2026-9506 | NONE | — | 2026-06-08 | This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could explo… | |
| CVE-2024-56120 | NONE | — | 2026-06-08 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |
| CVE-2024-56121 | NONE | — | 2026-06-08 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |
| CVE-2024-56122 | NONE | — | 2026-06-08 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |
| CVE-2024-56123 | NONE | — | 2026-06-08 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |
| CVE-2026-36229 | NONE | — | 2026-06-06 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a securit… | |
| CVE-2026-6240 | NONE | — | 2026-06-06 | A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user delet… | |
| CVE-2026-6241 | NONE | — | 2026-06-06 | An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions w… | |
| CVE-2026-6242 | NONE | — | 2026-06-06 | An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within forma… | |
| CVE-2026-34123 | NONE | — | 2026-06-06 | On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’… | |
| CVE-2026-6239 | NONE | — | 2026-06-06 | A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user no… | |
| CVE-2026-45409 | NONE | — | 2026-06-05 | Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility P… | |
| CVE-2026-11424 | NONE | Patched | — | 2026-06-05 | A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit… |
| CVE-2026-11429 | NONE | Patched | — | 2026-06-05 | A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-mani… |
| CVE-2026-11431 | NONE | Patched | — | 2026-06-05 | A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafte… |
| CVE-2026-11423 | NONE | — | 2026-06-05 | A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation f… | |
| CVE-2026-46400 | NONE | — | 2026-06-05 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP onl… |