Search
153,531 CVEs · Medium severity
CVEs (153,531, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 151–175 of 153,531 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-9305 | MEDIUM | 6.3 | 2026-05-23 | A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the … | |
| CVE-2026-9304 | MEDIUM | 5.0 | 2026-05-23 | A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the… | |
| CVE-2026-9303 | MEDIUM | 4.3 | 2026-05-23 | A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initi… | |
| CVE-2026-9302 | MEDIUM | 6.3 | 2026-05-23 | A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/in… | |
| CVE-2026-9301 | MEDIUM | 6.3 | 2026-05-23 | A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation resul… | |
| CVE-2026-9300 | MEDIUM | 6.3 | 2026-05-23 | A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corr… | |
| CVE-2026-9299 | MEDIUM | 6.3 | 2026-05-23 | A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. Th… | |
| CVE-2026-9298 | MEDIUM | 6.3 | 2026-05-23 | A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The man… | |
| CVE-2026-9297 | MEDIUM | 6.3 | 2026-05-23 | A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Hand… | |
| CVE-2026-9296 | MEDIUM | 6.3 | 2026-05-23 | A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a m… | |
| CVE-2026-9281 | MEDIUM | 6.4 | 2026-06-06 | The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'j… | |
| CVE-2026-9280 | MEDIUM | 6.1 | 2026-06-06 | The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and… | |
| CVE-2026-9243 | MEDIUM | 6.4 | 2026-05-29 | The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carousel_direction' parameter of the Carousel Anything widget in ve… | |
| CVE-2026-9241 | MEDIUM | 4.3 | 2026-05-28 | The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and in… | |
| CVE-2026-9236 | MEDIUM | 4.3 | 2026-05-27 | The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and in… | |
| CVE-2026-9234 | MEDIUM | 4.3 | 2026-06-02 | The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability che… | |
| CVE-2026-9228 | MEDIUM | 4.3 | 2026-05-28 | The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the ac… | |
| CVE-2026-9197 | MEDIUM | 4.9 | 2026-06-06 | The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it… | |
| CVE-2026-9189 | MEDIUM | 5.3 | 2026-05-29 | The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, a… | |
| CVE-2026-9156 | MEDIUM | Patched | 6.5 | 2026-05-27 | Tanium addressed a denial of service vulnerability in Tanium Server. |
| CVE-2026-9150 | MEDIUM | Patched | 6.5 | 2026-05-20 | A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository m… |
| CVE-2026-9149 | MEDIUM | Patched | 6.5 | 2026-05-21 | A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the … |
| CVE-2026-9136 | MEDIUM | Patched | 6.5 | 2026-05-20 | A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the … |
| CVE-2026-9124 | MEDIUM | Patched | 5.3 | 2026-05-20 | Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak c… |
| CVE-2026-9122 | MEDIUM | Patched | 6.5 | 2026-05-20 | Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to obtain potentially sensitive information from process memory via a cr… |