23,984 CVEs · Medium severity
CVEs (23,984, showing first 500)
Showing 126–150 of 23,984 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-37737 | MEDIUM | | 6.5 | 2026-06-05 | sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anchoring. This … |
| CVE-2026-11335 | MEDIUM | | 6.3 | 2026-06-05 | A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function … |
| CVE-2026-11333 | MEDIUM | | 6.3 | 2026-06-05 | A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The i… |
| CVE-2025-59174 | MEDIUM | Patched | 6.5 | 2026-06-05 | Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause servic… |
| CVE-2020-25900 | MEDIUM | | 5.3 | 2026-06-05 | HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed int… |
| CVE-2026-50235 | MEDIUM | | 6.1 | 2026-06-05 | Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying … |
| CVE-2026-50233 | MEDIUM | | 5.3 | 2026-06-05 | Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service (TCP port 9090) and the HTT… |
| CVE-2026-50230 | MEDIUM | | 6.1 | 2026-06-05 | Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML… |
| CVE-2026-50263 | MEDIUM | | 5.5 | 2026-06-05 | A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and f… |
| CVE-2026-50262 | MEDIUM | | 5.5 | 2026-06-05 | An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled … |
| CVE-2026-25659 | MEDIUM | Patched | 6.5 | 2026-06-05 | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a sp… |
| CVE-2026-25658 | MEDIUM | Patched | 6.5 | 2026-06-05 | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a sp… |
| CVE-2026-25657 | MEDIUM | Patched | 6.5 | 2026-06-05 | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuo… |
| CVE-2026-21028 | MEDIUM | | 5.5 | 2026-06-05 | Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. |
| CVE-2026-21026 | MEDIUM | | 5.5 | 2026-06-05 | Improper export of Android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. |
| CVE-2026-21025 | MEDIUM | | 5.5 | 2026-06-05 | Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. |
| CVE-2026-21017 | MEDIUM | | 5.5 | 2026-06-05 | Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files. |
| CVE-2026-21826 | MEDIUM | | 6.1 | 2026-06-05 | HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the applicati… |
| CVE-2026-21825 | MEDIUM | | 6.1 | 2026-06-05 | HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in … |
| CVE-2026-10732 | MEDIUM | | 6.4 | 2026-06-05 | All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) when extracting a ZIP archive containing two entries with th… |
| CVE-2026-50592 | MEDIUM | Patched | 6.4 | 2026-06-05 | In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog (aka the communication log administration view). |
| CVE-2026-50591 | MEDIUM | Patched | 5.4 | 2026-06-05 | In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences. |
| CVE-2026-50590 | MEDIUM | Patched | 4.5 | 2026-06-05 | In Mimecast Incydr before 2.6.0, arbitrary file access can occur. |
| CVE-2026-50589 | MEDIUM | Patched | 5.3 | 2026-06-05 | In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a ser… |
| CVE-2026-11309 | MEDIUM | Patched | 4.3 | 2026-06-05 | Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium secur… |