Search
153,552 CVEs · Medium severity
CVEs (153,552, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 201–225 of 153,552 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-8971 | MEDIUM | Patched | 6.5 | 2026-05-19 | Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8961 | MEDIUM | Patched | 6.5 | 2026-05-19 | Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-8951 | MEDIUM | Patched | 6.5 | 2026-05-19 | Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151. |
| CVE-2026-8943 | MEDIUM | 4.3 | 2026-05-27 | The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect no… | |
| CVE-2026-8942 | MEDIUM | 4.3 | 2026-05-27 | The MetaMagic SEO Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect non… | |
| CVE-2026-8941 | MEDIUM | 4.3 | 2026-05-27 | The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce vali… | |
| CVE-2026-8939 | MEDIUM | 4.3 | 2026-05-27 | The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce v… | |
| CVE-2026-8938 | MEDIUM | 4.3 | 2026-05-27 | The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect no… | |
| CVE-2026-8922 | MEDIUM | 5.4 | 2026-05-19 | A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspection feature … | |
| CVE-2026-8916 | MEDIUM | 6.1 | 2026-06-04 | Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635. | |
| CVE-2026-8911 | MEDIUM | 6.1 | 2026-05-27 | The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce vali… | |
| CVE-2026-8906 | MEDIUM | 6.1 | 2026-05-27 | The WP Promoter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce valida… | |
| CVE-2026-8903 | MEDIUM | 4.3 | 2026-05-27 | The Two-factor authentication (formerly IP Vault) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to… | |
| CVE-2026-8900 | MEDIUM | 6.4 | 2026-06-06 | The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due to insuf… | |
| CVE-2026-8899 | MEDIUM | 6.4 | 2026-05-27 | The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due t… | |
| CVE-2026-8898 | MEDIUM | 6.4 | 2026-05-27 | The Events In City plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'org-events' shortcode in versions up to, and including, 3.0. This is due to in… | |
| CVE-2026-8897 | MEDIUM | 6.4 | 2026-05-27 | The Shortcode Buddy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 0.1.9.5 due to insuffic… | |
| CVE-2026-8894 | MEDIUM | 6.4 | 2026-05-27 | The iWR Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `iwrtooltip` shortcode in versions up to, and including, 1.0. This is due… | |
| CVE-2026-8893 | MEDIUM | 6.4 | 2026-06-06 | The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the [stripe-express] shortcode in versions up t… | |
| CVE-2026-8891 | MEDIUM | 6.4 | 2026-05-27 | The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bitform' shortcode in versions up to, and including, 1.1.0. This is due to i… | |
| CVE-2026-8887 | MEDIUM | 6.4 | 2026-05-27 | The Listen Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'listen' shortcode in versions up to, and including, 1.0. This is due to insu… | |
| CVE-2026-8886 | MEDIUM | 6.4 | 2026-05-27 | The hk_shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title-plane' shortcode in versions up to, and including, 1.0. This is due to ins… | |
| CVE-2026-8885 | MEDIUM | 6.4 | 2026-06-02 | The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, … | |
| CVE-2026-8884 | MEDIUM | 6.4 | 2026-05-27 | The Instant-Quote.co Quotation Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.3.4 d… | |
| CVE-2026-8877 | MEDIUM | 6.4 | 2026-05-27 | The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rem_video' shortcode in versions up to, and including, 0.1. This is… |