Search
19,079 CVEs
CVEs (19,079, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 151–175 of 19,079 (capped at 500)
| CVE ID | Severity ↑ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-38500 | NONE | — | 2026-06-05 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a securit… | |
| CVE-2026-11345 | NONE | — | 2026-06-05 | An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnon… | |
| CVE-2026-11346 | NONE | — | 2026-06-05 | A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By… | |
| CVE-2026-8914 | NONE | — | 2026-06-05 | In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in… | |
| CVE-2026-21034 | NONE | — | 2026-06-05 | Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio c… | |
| CVE-2026-21035 | NONE | — | 2026-06-05 | Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information. | |
| CVE-2026-21036 | NONE | — | 2026-06-05 | Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information. | |
| CVE-2026-21037 | NONE | — | 2026-06-05 | Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege. | |
| CVE-2026-21038 | NONE | — | 2026-06-05 | Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory. | |
| CVE-2026-50265 | NONE | — | 2026-06-05 | Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292 | |
| CVE-2026-21032 | NONE | — | 2026-06-05 | Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script. | |
| CVE-2026-21033 | NONE | — | 2026-06-05 | Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script. | |
| CVE-2026-11347 | NONE | — | 2026-06-05 | The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initia… | |
| CVE-2026-48907 | NONE | — | 2026-06-05 | A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution. | |
| CVE-2026-21837 | NONE | — | 2026-06-05 | HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system command… | |
| CVE-2026-11326 | NONE | Patched | — | 2026-06-05 | OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be … |
| CVE-2026-11029 | NONE | — | 2026-06-04 | Insufficient validation of untrusted input in Drag and Drop in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer pr… | |
| CVE-2026-41522 | NONE | Patched | — | 2026-06-04 | Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional Gr… |
| CVE-2026-48480 | NONE | — | 2026-06-04 | The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does n… | |
| CVE-2026-41235 | NONE | — | 2026-06-04 | Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell list that customers may a… | |
| CVE-2026-41237 | NONE | — | 2026-06-04 | Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowing embedded newlines to p… | |
| CVE-2026-7774 | NONE | — | 2026-06-04 | tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the inten… | |
| CVE-2026-45287 | NONE | — | 2026-06-04 | OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks… | |
| CVE-2026-10868 | NONE | — | 2026-06-04 | A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit(). When processing… | |
| CVE-2026-41065 | NONE | — | 2026-06-04 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via the newsletter custom te… |