Search
1,557 CVEs
CVEs (1,557, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 201–225 of 1,557 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-11477 | MEDIUM | 4.3 | 2026-06-08 | A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/ma… | |
| CVE-2026-11436 | MEDIUM | 4.3 | 2026-06-06 | A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mage_ai/frontend/components/Sessions/SignForm/index.tsx of the compo… | |
| CVE-2026-7624 | MEDIUM | 4.3 | 2026-06-06 | The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not prope… | |
| CVE-2026-8611 | MEDIUM | 4.3 | 2026-06-06 | The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoice_id' par… | |
| CVE-2026-9008 | MEDIUM | 4.3 | 2026-06-06 | The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelist_unqprfx_ext_shortcode() fun… | |
| CVE-2026-8976 | MEDIUM | 4.3 | 2026-06-06 | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions … | |
| CVE-2026-9719 | MEDIUM | 4.3 | 2026-06-06 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5… | |
| CVE-2026-7047 | MEDIUM | 4.3 | 2026-06-06 | The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect no… | |
| CVE-2026-10038 | MEDIUM | 4.3 | 2026-06-06 | The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Author… | |
| CVE-2026-7523 | MEDIUM | 4.3 | 2026-06-05 | The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that… | |
| CVE-2026-48103 | MEDIUM | Patched | 4.3 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM (Windows Imaging) archive handl… |
| CVE-2026-48111 | MEDIUM | Patched | 4.3 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression f… |
| CVE-2026-11337 | MEDIUM | 4.3 | 2026-06-05 | A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulne… | |
| CVE-2026-48092 | MEDIUM | Patched | 4.3 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via SquashFS fragment offset integer overflow on 32-bit… |
| CVE-2026-11309 | MEDIUM | Patched | 4.3 | 2026-06-05 | Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium secur… |
| CVE-2026-11302 | MEDIUM | Patched | 4.3 | 2026-06-05 | Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a craf… |
| CVE-2026-11294 | MEDIUM | 4.3 | 2026-06-05 | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium securi… | |
| CVE-2026-11298 | MEDIUM | 4.3 | 2026-06-05 | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page… | |
| CVE-2026-11300 | MEDIUM | Patched | 4.3 | 2026-06-05 | Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium secu… |
| CVE-2026-11286 | MEDIUM | 4.3 | 2026-06-05 | Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform U… | |
| CVE-2026-11291 | MEDIUM | Patched | 4.3 | 2026-06-05 | Inappropriate implementation in Android Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTM… |
| CVE-2026-11292 | MEDIUM | 4.3 | 2026-06-05 | Insufficient policy enforcement in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrom… | |
| CVE-2026-11280 | MEDIUM | 4.3 | 2026-06-05 | Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium se… | |
| CVE-2026-11285 | MEDIUM | 4.3 | 2026-06-05 | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chr… | |
| CVE-2026-11274 | MEDIUM | 4.3 | 2026-06-05 | Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML … |