Search
1,557 CVEs
CVEs (1,557, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 101–125 of 1,557 (capped at 500)
| CVE ID ↑ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-67448 | HIGH | 7.1 | 2026-06-04 | The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before… | |
| CVE-2025-68886 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusi… | |
| CVE-2025-69369 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion… | |
| CVE-2025-69755 | HIGH | 8.2 | 2026-06-04 | An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the … | |
| CVE-2025-70100 | MEDIUM | 5.5 | 2026-06-03 | A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by pr… | |
| CVE-2025-70101 | MEDIUM | 6.5 | 2026-06-03 | An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a s… | |
| CVE-2025-71313 | NONE | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for alloc_workqueue() alloc_workqueue() can return NULL on memor… | |
| CVE-2025-71314 | NONE | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthor_gpu_flush_caches() failures We have seen a few cases where the whole… | |
| CVE-2025-71315 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DR… | |
| CVE-2025-71316 | CRITICAL | 9.8 | 2026-06-04 | SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option … | |
| CVE-2025-71317 | CRITICAL | 9.8 | 2026-06-05 | NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authentic… | |
| CVE-2025-71318 | CRITICAL | 9.8 | 2026-06-05 | NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages (… | |
| CVE-2025-8873 | HIGH | 7.5 | 2026-06-04 | On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane m… | |
| CVE-2026-0611 | CRITICAL | Patched | 9.8 | 2026-06-02 | Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET R… |
| CVE-2026-10038 | MEDIUM | 4.3 | 2026-06-06 | The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Author… | |
| CVE-2026-10046 | HIGH | 7.8 | 2026-06-02 | Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_han… | |
| CVE-2026-10047 | HIGH | 7.8 | 2026-06-02 | The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handle… | |
| CVE-2026-10100 | MEDIUM | 4.4 | 2026-06-02 | The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields (Page Background, Form Background, Text Color, … | |
| CVE-2026-10301 | MEDIUM | 4.3 | 2026-06-02 | A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the… | |
| CVE-2026-10302 | MEDIUM | 6.3 | 2026-06-02 | A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /manage_fee.php. Executing a manipulation of the a… | |
| CVE-2026-10305 | MEDIUM | Patched | 6.1 | 2026-06-04 | Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd. |
| CVE-2026-10510 | MEDIUM | 6.1 | 2026-06-02 | Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows re… | |
| CVE-2026-10514 | LOW | 2.4 | 2026-06-02 | A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestPar… | |
| CVE-2026-10528 | LOW | 3.3 | 2026-06-02 | A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/F… | |
| CVE-2026-10529 | LOW | 2.4 | 2026-06-02 | A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/m… |