CVEs (6,905, showing first 500)
Showing 201–225 of 6,905 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-8291 | MEDIUM | Patched | 4.3 | 2026-05-11 | A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogs_nnrf_nfm_handle_nf_profile of the file lib/sbi/nnrf-handler.c of the component NRF. This… |
| CVE-2026-8292 | MEDIUM | Patched | 4.3 | 2026-05-11 | A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarel_parse in the library /lib/sbi/conv.c of the component NRF. Su… |
| CVE-2026-31248 | HIGH | | 7.5 | 2026-05-11 | Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.f… |
| CVE-2026-31249 | HIGH | | 7.3 | 2026-05-11 | CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its make_parquet_list.py data pr… |
| CVE-2026-31250 | HIGH | | 7.3 | 2026-05-11 | CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its average_model.py model avera… |
| CVE-2026-31251 | HIGH | | 7.3 | 2026-05-11 | CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its gRPC server component. When … |
| CVE-2026-31252 | MEDIUM | | 5.7 | 2026-05-11 | CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading component. The… |
| CVE-2026-31253 | HIGH | | 7.3 | 2026-05-11 | The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains an insecure deserialization vulnerability (CWE-502) in its… |
| CVE-2026-31254 | HIGH | | 7.3 | 2026-05-11 | The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains a code injection vulnerability (CWE-94) in its training script. The s… |
| CVE-2026-33356 | HIGH | | 7.7 | 2026-05-11 | In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devi… |
| CVE-2026-33357 | HIGH | | 7.5 | 2026-05-11 | In Meari client applications embedding "com.meari.sdk" (including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label <= 1.8.x), the integrated call … |
| CVE-2026-33359 | HIGH | | 7.5 | 2026-05-11 | In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, sig… |
| CVE-2026-33361 | HIGH | | 7.5 | 2026-05-11 | In Meari IoT SDK image handling (libmrplayer.so) as observed in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related white-label apps (<= 1.8.x), baby monitor… |
| CVE-2026-33362 | HIGH | | 8.6 | 2026-05-11 | In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white-label Android apps <= 1.8.x (latest observed), multiple security-critic… |
| CVE-2026-36906 | MEDIUM | | 6.1 | 2026-05-11 | Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function |
| CVE-2026-42349 | HIGH | Patched | 8.1 | 2026-05-11 | Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect(), and related authorization predicates in @clerk/shared, @clerk/nextjs… |
| CVE-2026-42603 | HIGH | Patched | 8.8 | 2026-05-11 | OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fi… |
| CVE-2026-42842 | MEDIUM | Patched | 5.4 | 2026-05-11 | The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Grav CMS Form plugin's se… |
| CVE-2026-42843 | HIGH | Patched | 8.8 | 2026-05-11 | Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-… |
| CVE-2026-42845 | NONE | Patched | — | 2026-05-11 | The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, there is an unauthenticated page-content overwrite via file upload (GHSA-w4rc-p66m-x6qq)… |
| CVE-2026-44737 | NONE | Patched | — | 2026-05-11 | grav-plugin-admin, the admin plugin for Grav, is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.… |
| CVE-2026-44738 | HIGH | Patched | 7.7 | 2026-05-11 | Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page b… |
| CVE-2026-2291 | HIGH | | 7.3 | 2026-05-11 | dnsmasq's extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to… |
| CVE-2026-2393 | HIGH | Patched | 7.1 | 2026-05-11 | A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The `_create_webhook()` function in `mlflow/server/handlers.py` accepts a user-… |
| CVE-2026-30635 | HIGH | | 8.1 | 2026-05-11 | Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the view_task (aka view) in the readTranscriptFromCo… |