Search
153,552 CVEs · Medium severity
CVEs (153,552, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 176–200 of 153,552 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-9116 | MEDIUM | Patched | 4.3 | 2026-05-20 | Insufficient policy enforcement in ServiceWorker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (C… |
| CVE-2026-9115 | MEDIUM | Patched | 4.3 | 2026-05-20 | Insufficient policy enforcement in Service Worker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to bypass same origin policy via a crafted HTML page… |
| CVE-2026-9113 | MEDIUM | Patched | 4.3 | 2026-05-20 | Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromi… |
| CVE-2026-9110 | MEDIUM | Patched | 4.2 | 2026-05-20 | Inappropriate implementation in UI in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to perform UI spoo… |
| CVE-2026-9104 | MEDIUM | 6.4 | 2026-05-22 | The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input … | |
| CVE-2026-9101 | MEDIUM | 4.3 | 2026-05-20 | Prototype pollution in csv parsing logic during import can lead to untrusted file paths (but not arguments) entering shell.openExternal after specific user behavior leading… | |
| CVE-2026-9100 | MEDIUM | 5.9 | 2026-05-20 | The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause a… | |
| CVE-2026-9091 | MEDIUM | 5.3 | 2026-05-28 | Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code pa… | |
| CVE-2026-9087 | MEDIUM | 6.4 | 2026-05-20 | A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity that was actually ver… | |
| CVE-2026-9082 | MEDIUM | Patched | 6.5 | 2026-05-20 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal co… |
| CVE-2026-9078 | MEDIUM | Patched | 5.4 | 2026-05-25 | Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname co… |
| CVE-2026-9056 | MEDIUM | 5.4 | 2026-05-20 | A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store a XSS payload that c… | |
| CVE-2026-9050 | MEDIUM | 4.3 | 2026-06-02 | The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not prope… | |
| CVE-2026-9048 | MEDIUM | 4.3 | 2026-06-02 | The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it … | |
| CVE-2026-9035 | MEDIUM | Patched | 6.5 | 2026-05-27 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Tr… |
| CVE-2026-9022 | MEDIUM | 6.4 | 2026-05-27 | The Splide Carousel Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'url' Block Attribute in all versions up to, and including, 1.7.1 due to ins… | |
| CVE-2026-9016 | MEDIUM | 5.3 | 2026-06-06 | The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and inc… | |
| CVE-2026-9015 | MEDIUM | 4.3 | 2026-05-28 | The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and… | |
| CVE-2026-9014 | MEDIUM | 5.3 | 2026-05-27 | The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_stats() function in versions up to, a… | |
| CVE-2026-9008 | MEDIUM | 4.3 | 2026-06-06 | The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelist_unqprfx_ext_shortcode() fun… | |
| CVE-2026-8995 | MEDIUM | 4.3 | 2026-05-29 | The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This… | |
| CVE-2026-8993 | MEDIUM | 6.5 | 2026-06-02 | D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could … | |
| CVE-2026-8991 | MEDIUM | 4.4 | 2026-06-06 | The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'drag_n_drop_text' and 'drag_n_drop_browse_t… | |
| CVE-2026-8978 | MEDIUM | 4.9 | 2026-06-06 | The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'order_by' parameter in all versions u… | |
| CVE-2026-8976 | MEDIUM | 4.3 | 2026-06-06 | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions … |