Search
1,463 CVEs
CVEs (1,463, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 126–150 of 1,463 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-50589 | MEDIUM | Patched | 5.3 | 2026-06-05 | In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a ser… |
| CVE-2026-50292 | HIGH | Patched | 7.4 | 2026-06-04 | In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution |
| CVE-2026-50266 | LOW | Patched | 2.2 | 2026-06-04 | In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set device_owner to a value that has "net… |
| CVE-2026-50265 | NONE | — | 2026-06-05 | Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292 | |
| CVE-2026-50264 | HIGH | 7.8 | 2026-06-05 | An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attach… | |
| CVE-2026-50263 | MEDIUM | 5.5 | 2026-06-05 | A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and f… | |
| CVE-2026-50262 | MEDIUM | 5.5 | 2026-06-05 | An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled … | |
| CVE-2026-50261 | HIGH | 7.8 | 2026-06-05 | A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when des… | |
| CVE-2026-50260 | HIGH | 7.8 | 2026-06-05 | A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a … | |
| CVE-2026-50259 | HIGH | Patched | 7.8 | 2026-06-05 | A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type in… |
| CVE-2026-50258 | HIGH | Patched | 7.8 | 2026-06-05 | A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckK… |
| CVE-2026-50257 | HIGH | Patched | 7.8 | 2026-06-05 | A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free funct… |
| CVE-2026-50256 | HIGH | Patched | 7.8 | 2026-06-05 | A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can ca… |
| CVE-2026-50235 | MEDIUM | 6.1 | 2026-06-05 | Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying … | |
| CVE-2026-50234 | HIGH | 7.5 | 2026-06-05 | Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web… | |
| CVE-2026-50233 | MEDIUM | 5.3 | 2026-06-05 | Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service (TCP port 9090) and the HTT… | |
| CVE-2026-50232 | HIGH | 7.2 | 2026-06-05 | Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE… | |
| CVE-2026-50231 | HIGH | 7.2 | 2026-06-05 | Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by explo… | |
| CVE-2026-50230 | MEDIUM | 6.1 | 2026-06-05 | Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML… | |
| CVE-2026-50226 | MEDIUM | Patched | 5.3 | 2026-06-04 | Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to l… |
| CVE-2026-50225 | CRITICAL | Patched | 9.1 | 2026-06-04 | The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database. |
| CVE-2026-50224 | MEDIUM | Patched | 4.9 | 2026-06-04 | The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN. |
| CVE-2026-50219 | MEDIUM | Patched | 4.9 | 2026-06-04 | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in c… |
| CVE-2026-50214 | CRITICAL | Patched | 9.8 | 2026-06-04 | The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans. |
| CVE-2026-50213 | HIGH | Patched | 7.5 | 2026-06-04 | The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings. |