Search
554 CVEs · Medium severity
CVEs (554, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 1–25 of 554 (capped at 500)
| CVE ID ↑ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2019-25717 | MEDIUM | 4.3 | 2026-06-02 | Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log file… | |
| CVE-2019-25720 | MEDIUM | 6.5 | 2026-06-03 | Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthentic… | |
| CVE-2019-25721 | MEDIUM | 6.5 | 2026-06-02 | Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent at… | |
| CVE-2019-25723 | MEDIUM | 4.0 | 2026-06-02 | Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sen… | |
| CVE-2019-25724 | MEDIUM | 6.5 | 2026-06-02 | Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier contain a network-based denial of service vulnerability that allows attackers with access… | |
| CVE-2019-25734 | MEDIUM | 4.0 | 2026-06-04 | Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary … | |
| CVE-2019-25739 | MEDIUM | 6.4 | 2026-06-04 | GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal d… | |
| CVE-2019-25740 | MEDIUM | 6.5 | 2026-06-04 | Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. A… | |
| CVE-2019-25742 | MEDIUM | 6.4 | 2026-06-04 | WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Ad… | |
| CVE-2019-25743 | MEDIUM | 6.4 | 2026-06-04 | WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script … | |
| CVE-2019-25744 | MEDIUM | 6.4 | 2026-06-04 | WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of opt… | |
| CVE-2020-25900 | MEDIUM | 5.3 | 2026-06-05 | HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed int… | |
| CVE-2020-37248 | MEDIUM | Patched | 6.5 | 2026-06-08 | OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connecti… |
| CVE-2021-4479 | MEDIUM | 4.0 | 2026-06-02 | Dräger Atlan A350 software versions 1.00 through 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specif… | |
| CVE-2021-47982 | MEDIUM | 6.4 | 2026-06-08 | WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the … | |
| CVE-2021-47983 | MEDIUM | 6.4 | 2026-06-08 | WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Acc… | |
| CVE-2021-47984 | MEDIUM | 6.4 | 2026-06-08 | WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting … | |
| CVE-2022-50953 | MEDIUM | 6.2 | 2026-06-08 | WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte … | |
| CVE-2023-52951 | MEDIUM | Patched | 5.9 | 2026-06-03 | A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential. |
| CVE-2023-5502 | MEDIUM | 5.9 | 2026-06-04 | On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious s… | |
| CVE-2024-27891 | MEDIUM | 5.3 | 2026-06-04 | On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those … | |
| CVE-2024-47263 | MEDIUM | Patched | 4.1 | 2026-06-03 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-… |
| CVE-2024-47273 | MEDIUM | Patched | 4.3 | 2026-06-03 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allo… |
| CVE-2024-6858 | MEDIUM | 6.5 | 2026-06-04 | In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN. | |
| CVE-2025-15653 | MEDIUM | 6.8 | 2026-06-02 | Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical … |