Search
1,557 CVEs
CVEs (1,557, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 201–225 of 1,557 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-49144 | MEDIUM | 6.5 | 2026-06-02 | BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the _default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attacke… | |
| CVE-2026-49143 | HIGH | 8.8 | 2026-06-02 | BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /_log HTTP handler that allows unauthenticated network-adjacent attackers to execute… | |
| CVE-2026-49141 | HIGH | 7.1 | 2026-06-08 | WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belon… | |
| CVE-2026-49120 | HIGH | Patched | 8.5 | 2026-06-02 | Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal netwo… |
| CVE-2026-49077 | MEDIUM | 5.3 | 2026-06-04 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This iss… | |
| CVE-2026-48913 | HIGH | 7.3 | 2026-06-08 | Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67. | |
| CVE-2026-48907 | NONE | — | 2026-06-05 | A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution. | |
| CVE-2026-48862 | NONE | Patched | — | 2026-06-02 | Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSH… |
| CVE-2026-48861 | NONE | Patched | — | 2026-06-02 | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/… |
| CVE-2026-4881 | NONE | — | 2026-06-04 | In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain A… | |
| CVE-2026-48682 | MEDIUM | 5.9 | 2026-06-02 | FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet co… | |
| CVE-2026-48681 | MEDIUM | Patched | 5.9 | 2026-06-04 | OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. |
| CVE-2026-48598 | NONE | Patched | — | 2026-06-02 | Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesl… |
| CVE-2026-48597 | NONE | Patched | — | 2026-06-02 | Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Ad… |
| CVE-2026-48596 | NONE | Patched | — | 2026-06-02 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Mul… |
| CVE-2026-48595 | NONE | Patched | — | 2026-06-02 | Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.Fol… |
| CVE-2026-48594 | NONE | Patched | — | 2026-06-02 | Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodi… |
| CVE-2026-48587 | LOW | Patched | 3.1 | 2026-06-03 | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace fro… |
| CVE-2026-48579 | CRITICAL | 9.1 | 2026-06-04 | Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network. | |
| CVE-2026-48567 | CRITICAL | 10.0 | 2026-06-04 | Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network. | |
| CVE-2026-48507 | HIGH | 7.1 | 2026-06-08 | Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to l… | |
| CVE-2026-48488 | NONE | — | 2026-06-08 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vu… | |
| CVE-2026-48480 | NONE | — | 2026-06-04 | The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does n… | |
| CVE-2026-48112 | MEDIUM | Patched | 6.5 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap o… |
| CVE-2026-48111 | MEDIUM | Patched | 4.3 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression f… |