Search
1,557 CVEs
CVEs (1,557, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 176–200 of 1,557 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-48594 | NONE | Patched | — | 2026-06-02 | Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodi… |
| CVE-2026-48595 | NONE | Patched | — | 2026-06-02 | Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.Fol… |
| CVE-2026-48596 | NONE | Patched | — | 2026-06-02 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Mul… |
| CVE-2026-48597 | NONE | Patched | — | 2026-06-02 | Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Ad… |
| CVE-2026-48598 | NONE | Patched | — | 2026-06-02 | Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesl… |
| CVE-2026-48682 | MEDIUM | 5.9 | 2026-06-02 | FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet co… | |
| CVE-2026-49120 | HIGH | Patched | 8.5 | 2026-06-02 | Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal netwo… |
| CVE-2026-5073 | HIGH | 7.5 | 2026-06-02 | The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'arm_directory_paging_action' AJAX action in all versions up to, a… | |
| CVE-2026-5074 | MEDIUM | 6.5 | 2026-06-02 | The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0' parameter of the `get_private_content_data` AJAX action in all versions up to,… | |
| CVE-2026-5076 | CRITICAL | 9.8 | 2026-06-02 | The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext c… | |
| CVE-2026-5385 | NONE | Patched | — | 2026-06-02 | An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7. |
| CVE-2026-8035 | HIGH | Patched | 7.1 | 2026-06-02 | Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer derefere… |
| CVE-2026-8036 | HIGH | Patched | 7.1 | 2026-06-02 | Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability … |
| CVE-2026-10619 | HIGH | 7.3 | 2026-06-02 | A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function. The manipulation result… | |
| CVE-2026-10620 | HIGH | 7.3 | 2026-06-02 | A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did cause… | |
| CVE-2026-10624 | MEDIUM | 4.3 | 2026-06-02 | A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of th… | |
| CVE-2026-41569 | MEDIUM | Patched | 6.1 | 2026-06-02 | authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix … |
| CVE-2026-42849 | CRITICAL | Patched | 9.3 | 2026-06-02 | authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) in order to m… |
| CVE-2026-45289 | MEDIUM | Patched | 5.3 | 2026-06-02 | CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing vali… |
| CVE-2026-47201 | HIGH | Patched | 8.5 | 2026-06-02 | authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrap… |
| CVE-2026-49143 | HIGH | 8.8 | 2026-06-02 | BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /_log HTTP handler that allows unauthenticated network-adjacent attackers to execute… | |
| CVE-2026-49144 | MEDIUM | 6.5 | 2026-06-02 | BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the _default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attacke… | |
| CVE-2026-49443 | HIGH | Patched | 8.8 | 2026-06-02 | authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an accou… |
| CVE-2026-49448 | CRITICAL | Patched | 9.8 | 2026-06-02 | authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue ha… |
| CVE-2021-4480 | HIGH | 8.2 | 2026-06-02 | Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to … |