23,984 CVEs · Medium severity
CVEs (23,984, showing first 500)
Showing 1–25 of 23,984 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-10998 | MEDIUM | Patched | 4.0 | 2026-06-04 | Out of bounds read in Media in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform an out of bounds memory read via malicious n… |
| CVE-2019-25734 | MEDIUM | | 4.0 | 2026-06-04 | Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary … |
| CVE-2021-4479 | MEDIUM | | 4.0 | 2026-06-02 | Dräger Atlan A350 software versions 1.00 through 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specif… |
| CVE-2019-25723 | MEDIUM | | 4.0 | 2026-06-02 | Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sen… |
| CVE-2026-28581 | MEDIUM | | 4.0 | 2026-06-01 | In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local w… |
| CVE-2026-10099 | MEDIUM | | 4.0 | 2026-05-29 | XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocket_receive_worker routine of simple_http_server.py that allows attackers to cause corrupted ap… |
| CVE-2026-21785 | MEDIUM | | 4.0 | 2026-05-27 | A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, all… |
| CVE-2026-47104 | MEDIUM | Patched | 4.0 | 2026-05-27 | libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service … |
| CVE-2023-7346 | MEDIUM | | 4.0 | 2026-05-20 | Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploi… |
| CVE-2026-45498 | MEDIUM | Patched | 4.0 | 2026-05-20 | Microsoft Defender Denial of Service Vulnerability |
| CVE-2025-31973 | MEDIUM | | 4.0 | 2026-05-20 | HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vul… |
| CVE-2026-44430 | MEDIUM | Patched | 4.0 | 2026-05-14 | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification (POST … |
| CVE-2026-46469 | MEDIUM | Patched | 4.0 | 2026-05-14 | An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently va… |
| CVE-2026-46470 | MEDIUM | Patched | 4.0 | 2026-05-14 | An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently va… |
| CVE-2026-43968 | MEDIUM | Patched | 4.0 | 2026-05-11 | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_s… |
| CVE-2026-42798 | MEDIUM | Patched | 4.0 | 2026-04-30 | Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c. |
| CVE-2026-42254 | MEDIUM | | 4.0 | 2026-04-26 | Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response. |
| CVE-2026-42095 | MEDIUM | Patched | 4.0 | 2026-04-24 | bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL. |
| CVE-2026-41990 | MEDIUM | Patched | 4.0 | 2026-04-23 | Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data. |
| CVE-2026-41282 | MEDIUM | Patched | 4.0 | 2026-04-20 | ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default co… |
| CVE-2026-41254 | MEDIUM | Patched | 4.0 | 2026-04-18 | Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. |
| CVE-2026-33555 | MEDIUM | Patched | 4.0 | 2026-04-13 | An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the strea… |
| CVE-2026-40396 | MEDIUM | Patched | 4.0 | 2026-04-12 | Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_linger. A malicious client could send an HTTP/1 request, wait long… |
| CVE-2026-40395 | MEDIUM | Patched | 4.0 | 2026-04-12 | Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus… |
| CVE-2026-40394 | MEDIUM | Patched | 4.0 | 2026-04-12 | Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. … |