Search
1,463 CVEs
CVEs (1,463, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 101–125 of 1,463 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-33398 | NONE | — | 2026-06-02 | NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/pages/forum/get_quotes.php` only checks whether the caller is logged in, then reads a… | |
| CVE-2026-34460 | MEDIUM | Patched | 5.4 | 2026-06-02 | NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exch… |
| CVE-2026-35716 | MEDIUM | 6.3 | 2026-06-02 | A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code … | |
| CVE-2026-35718 | MEDIUM | Patched | 6.5 | 2026-06-02 | A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the de… |
| CVE-2026-38978 | MEDIUM | 5.3 | 2026-06-02 | transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths. | |
| CVE-2026-40619 | HIGH | 7.8 | 2026-06-02 | A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main serve… | |
| CVE-2026-40780 | HIGH | Patched | 7.5 | 2026-06-02 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: f… |
| CVE-2026-42654 | HIGH | 7.1 | 2026-06-02 | Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects… | |
| CVE-2026-44367 | LOW | Patched | 2.7 | 2026-06-02 | Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms d… |
| CVE-2026-45080 | NONE | Patched | — | 2026-06-02 | Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue… |
| CVE-2026-45553 | HIGH | Patched | 7.5 | 2026-06-02 | NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructured_text() renders reStructuredText server-side with Docutils without disabling file insertion … |
| CVE-2026-45554 | MEDIUM | Patched | 5.3 | 2026-06-02 | NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may r… |
| CVE-2026-45676 | MEDIUM | Patched | 5.5 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section of… |
| CVE-2026-45678 | HIGH | Patched | 7.5 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND mess… |
| CVE-2026-45679 | MEDIUM | Patched | 6.5 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span s… |
| CVE-2026-45680 | MEDIUM | Patched | 5.9 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram obse… |
| CVE-2026-45681 | MEDIUM | Patched | 5.9 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses … |
| CVE-2026-45682 | MEDIUM | Patched | 5.1 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced … |
| CVE-2026-45683 | LOW | Patched | 3.8 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled… |
| CVE-2026-45684 | MEDIUM | Patched | 4.9 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishand… |
| CVE-2026-45685 | HIGH | Patched | 7.5 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire mes… |
| CVE-2026-45686 | HIGH | Patched | 7.5 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integ… |
| CVE-2026-47117 | CRITICAL | Patched | 9.8 | 2026-06-02 | OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matchin… |
| CVE-2026-48861 | NONE | Patched | — | 2026-06-02 | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/… |
| CVE-2026-48862 | NONE | Patched | — | 2026-06-02 | Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSH… |