153,552 CVEs · Medium severity
CVEs (153,552, showing first 500)
Showing 151–175 of 153,552 (capped at 500)
| CVE ID | Severity ↑ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-50230 | MEDIUM | | 6.1 | 2026-06-05 | Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML… |
| CVE-2026-50233 | MEDIUM | | 5.3 | 2026-06-05 | Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service (TCP port 9090) and the HTT… |
| CVE-2026-50235 | MEDIUM | | 6.1 | 2026-06-05 | Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying … |
| CVE-2026-50262 | MEDIUM | | 5.5 | 2026-06-05 | An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled … |
| CVE-2026-50263 | MEDIUM | | 5.5 | 2026-06-05 | A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and f… |
| CVE-2026-25659 | MEDIUM | Patched | 6.5 | 2026-06-05 | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a sp… |
| CVE-2026-25657 | MEDIUM | Patched | 6.5 | 2026-06-05 | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuo… |
| CVE-2026-25658 | MEDIUM | Patched | 6.5 | 2026-06-05 | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a sp… |
| CVE-2026-21026 | MEDIUM | | 5.5 | 2026-06-05 | Improper export of Android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. |
| CVE-2026-21028 | MEDIUM | | 5.5 | 2026-06-05 | Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. |
| CVE-2026-21017 | MEDIUM | | 5.5 | 2026-06-05 | Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files. |
| CVE-2026-21025 | MEDIUM | | 5.5 | 2026-06-05 | Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. |
| CVE-2026-10732 | MEDIUM | | 6.4 | 2026-06-05 | All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) when extracting a ZIP archive containing two entries with th… |
| CVE-2026-21825 | MEDIUM | | 6.1 | 2026-06-05 | HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in … |
| CVE-2026-21826 | MEDIUM | | 6.1 | 2026-06-05 | HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the applicati… |
| CVE-2026-50590 | MEDIUM | Patched | 4.5 | 2026-06-05 | In Mimecast Incydr before 2.6.0, arbitrary file access can occur. |
| CVE-2026-50591 | MEDIUM | Patched | 5.4 | 2026-06-05 | In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences. |
| CVE-2026-50592 | MEDIUM | Patched | 6.4 | 2026-06-05 | In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog (aka the communication log administration view). |
| CVE-2026-11309 | MEDIUM | Patched | 4.3 | 2026-06-05 | Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium secur… |
| CVE-2026-50589 | MEDIUM | Patched | 5.3 | 2026-06-05 | In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a ser… |
| CVE-2026-11302 | MEDIUM | Patched | 4.3 | 2026-06-05 | Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a craf… |
| CVE-2026-11308 | MEDIUM | Patched | 6.3 | 2026-06-05 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform priv… |
| CVE-2026-11294 | MEDIUM | | 4.3 | 2026-06-05 | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium securi… |
| CVE-2026-11298 | MEDIUM | | 4.3 | 2026-06-05 | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page… |
| CVE-2026-11299 | MEDIUM | | 6.5 | 2026-06-05 | Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HT… |