CVEs (1,463, showing first 500)
Showing 151–175 of 1,463 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-50212 | MEDIUM | Patched | 6.5 | 2026-06-04 | Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service. |
| CVE-2026-50211 | CRITICAL | Patched | 9.8 | 2026-06-04 | Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers. |
| CVE-2026-50210 | HIGH | Patched | 7.5 | 2026-06-04 | The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption. |
| CVE-2026-50209 | HIGH | Patched | 7.8 | 2026-06-04 | Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external … |
| CVE-2026-50208 | CRITICAL | Patched | 9.4 | 2026-06-04 | High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could… |
| CVE-2026-50207 | HIGH | Patched | 7.8 | 2026-06-04 | The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity. |
| CVE-2026-50206 | MEDIUM | Patched | 6.8 | 2026-06-04 | Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files. |
| CVE-2026-50205 | HIGH | Patched | 8.2 | 2026-06-04 | System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data. |
| CVE-2026-50076 | CRITICAL | Patched | 9.1 | 2026-06-04 | Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass c… |
| CVE-2026-50052 | NONE | Patched | — | 2026-06-03 | In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack (request smugg… |
| CVE-2026-50033 | HIGH | | 7.3 | 2026-06-03 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. |
| CVE-2026-50031 | HIGH | Patched | 7.5 | 2026-06-03 | ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set o… |
| CVE-2026-49975 | NONE | | — | 2026-06-08 | Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apach… |
| CVE-2026-49943 | MEDIUM | | 6.3 | 2026-06-02 | CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a-path.c. The as_path_matc… |
| CVE-2026-49942 | HIGH | Patched | 7.3 | 2026-06-04 | Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One … |
| CVE-2026-49941 | HIGH | Patched | 7.5 | 2026-06-04 | Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did not look lik… |
| CVE-2026-49940 | MEDIUM | Patched | 6.5 | 2026-06-04 | Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not proper… |
| CVE-2026-49782 | MEDIUM | | 5.4 | 2026-06-02 | Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elem… |
| CVE-2026-49777 | CRITICAL | Patched | 10.0 | 2026-06-05 | Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue af… |
| CVE-2026-49771 | HIGH | | 7.6 | 2026-06-04 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue a… |
| CVE-2026-49756 | NONE | Patched | — | 2026-06-08 | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Re… |
| CVE-2026-49755 | NONE | Patched | — | 2026-06-08 | Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client v… |
| CVE-2026-49754 | NONE | Patched | — | 2026-06-02 | Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client (HTTP/2 … |
| CVE-2026-49753 | NONE | Patched | — | 2026-06-02 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronis… |
| CVE-2026-49510 | MEDIUM | | 6.1 | 2026-06-04 | Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f. |