Search
1,463 CVEs
CVEs (1,463, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 151–175 of 1,463 (capped at 500)
| CVE ID | Severity ↓ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-41065 | NONE | — | 2026-06-04 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via the newsletter custom te… | |
| CVE-2026-8762 | NONE | — | 2026-06-04 | Rejected reason: After analysis, the originally reported behaviour was determined not to constitute a security vulnerability. The findings were parser-strictness defects wi… | |
| CVE-2026-43926 | NONE | — | 2026-06-04 | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint `/client/reset-password-confirm/:h… | |
| CVE-2026-45433 | NONE | — | 2026-06-04 | This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vuln… | |
| CVE-2026-40605 | NONE | — | 2026-06-04 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows… | |
| CVE-2026-45431 | NONE | — | 2026-06-04 | This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authen… | |
| CVE-2026-45432 | NONE | — | 2026-06-04 | This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could… | |
| CVE-2025-12694 | NONE | — | 2026-06-04 | A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects … | |
| CVE-2026-4881 | NONE | — | 2026-06-04 | In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain A… | |
| CVE-2026-2596 | NONE | — | 2026-06-03 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |
| CVE-2026-22054 | NONE | — | 2026-06-03 | Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport op… | |
| CVE-2026-22055 | NONE | — | 2026-06-03 | Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. | |
| CVE-2026-43924 | NONE | — | 2026-06-03 | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-confi… | |
| CVE-2026-40495 | NONE | — | 2026-06-03 | FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML… | |
| CVE-2026-42839 | NONE | — | 2026-06-03 | An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the item_name, description, or image fields of an Item and trigger … | |
| CVE-2026-42840 | NONE | — | 2026-06-03 | An authenticated user can persist arbitrary HTML/JavaScript in the email_id or mobile_no fields of a Customer record and trigger unescaped rendering in the Point of Sale (P… | |
| CVE-2026-7888 | NONE | — | 2026-06-03 | Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes re… | |
| CVE-2026-46272 | NONE | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs m… | |
| CVE-2026-46267 | NONE | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llc_shdlc_deinit() purges SHDLC skb queue… | |
| CVE-2026-46268 | NONE | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition Commit b7e282378773 has already changed the init… | |
| CVE-2026-46269 | NONE | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree When probing the k230 pinc… | |
| CVE-2026-46261 | NONE | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() platform_get_resource_byname… | |
| CVE-2026-46262 | NONE | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put() This reverts commit f51424872760 ("ASoC… | |
| CVE-2026-46254 | NONE | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or us… | |
| CVE-2026-46255 | NONE | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove() The clocks in fsl_edma_engine::muxcl… |