CVEs (6,811, showing first 500)
Showing 126–150 of 6,811 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-6433 | HIGH | | 7.3 | 2026-05-11 | The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval(), allowing unau… |
| CVE-2026-8275 | LOW | | 3.7 | 2026-05-11 | A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file modules/zerogod/zerogod_ipp_primitives… |
| CVE-2026-8276 | LOW | | 3.7 | 2026-05-11 | A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQ… |
| CVE-2026-43500 | HIGH | Patched | 7.8 | 2026-05-11 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrp… |
| CVE-2026-5084 | MEDIUM | | 6.5 | 2026-05-11 | WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to t… |
| CVE-2026-41018 | MEDIUM | Patched | 6.5 | 2026-05-11 | The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full … |
| CVE-2026-43826 | MEDIUM | Patched | 6.5 | 2026-05-11 | The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full hos… |
| CVE-2024-0391 | MEDIUM | Patched | 5.3 | 2026-05-11 | The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. … |
| CVE-2025-10908 | HIGH | Patched | 7.3 | 2026-05-11 | Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypa… |
| CVE-2025-43992 | MEDIUM | Patched | 5.6 | 2026-05-11 | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo r… |
| CVE-2025-8154 | MEDIUM | Patched | 5.3 | 2026-05-11 | In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be i… |
| CVE-2025-8325 | MEDIUM | Patched | 6.3 | 2026-05-11 | The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing inten… |
| CVE-2026-26946 | MEDIUM | Patched | 6.7 | 2026-05-11 | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileg… |
| CVE-2026-32658 | HIGH | Patched | 8.0 | 2026-05-11 | Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit t… |
| CVE-2026-35157 | MEDIUM | Patched | 5.8 | 2026-05-11 | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerabilit… |
| CVE-2026-40636 | CRITICAL | Patched | 9.8 | 2026-05-11 | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacke… |
| CVE-2026-41951 | HIGH | | 7.2 | 2026-05-11 | Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is runnin… |
| CVE-2026-6909 | NONE | | — | 2026-05-11 | ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript e… |
| CVE-2026-6956 | NONE | | — | 2026-05-11 | ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript e… |
| CVE-2025-10470 | HIGH | Patched | 8.6 | 2026-05-11 | The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage… |
| CVE-2025-9973 | MEDIUM | Patched | 6.4 | 2026-05-11 | Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive authentication logic to be triggered o… |
| CVE-2026-8288 | MEDIUM | Patched | 4.3 | 2026-05-11 | A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsm_handle_pdu_session_modification_qos_flow_descriptions of the file src/smf/gsm-handler.c… |
| CVE-2026-4802 | HIGH | | 8.0 | 2026-05-11 | A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parame… |
| CVE-2026-8289 | MEDIUM | Patched | 4.3 | 2026-05-11 | A vulnerability was identified in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of th… |
| CVE-2026-8290 | MEDIUM | Patched | 4.3 | 2026-05-11 | A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the c… |