2,481 CVEs · Medium severity
Showing 1–25 of 2,481 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-10998 | MEDIUM | Patched | 4.0 | 2026-06-04 | Out of bounds read in Media in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform an out of bounds memory read via malicious n… |
| CVE-2019-25734 | MEDIUM | | 4.0 | 2026-06-04 | Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary … |
| CVE-2021-4479 | MEDIUM | | 4.0 | 2026-06-02 | Dräger Atlan A350 software versions 1.00 through 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specif… |
| CVE-2019-25723 | MEDIUM | | 4.0 | 2026-06-02 | Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sen… |
| CVE-2026-28581 | MEDIUM | | 4.0 | 2026-06-01 | In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local w… |
| CVE-2026-10099 | MEDIUM | | 4.0 | 2026-05-29 | XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocket_receive_worker routine of simple_http_server.py that allows attackers to cause corrupted ap… |
| CVE-2026-21785 | MEDIUM | | 4.0 | 2026-05-27 | A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, all… |
| CVE-2026-47104 | MEDIUM | Patched | 4.0 | 2026-05-27 | libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service … |
| CVE-2023-7346 | MEDIUM | | 4.0 | 2026-05-20 | Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploi… |
| CVE-2026-45498 | MEDIUM | Patched | 4.0 | 2026-05-20 | Microsoft Defender Denial of Service Vulnerability |
| CVE-2025-31973 | MEDIUM | | 4.0 | 2026-05-20 | HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vul… |
| CVE-2026-44430 | MEDIUM | Patched | 4.0 | 2026-05-14 | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification (POST … |
| CVE-2026-46469 | MEDIUM | Patched | 4.0 | 2026-05-14 | An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently va… |
| CVE-2026-46470 | MEDIUM | Patched | 4.0 | 2026-05-14 | An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently va… |
| CVE-2026-43968 | MEDIUM | Patched | 4.0 | 2026-05-11 | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_s… |
| CVE-2026-37700 | MEDIUM | | 4.1 | 2026-06-03 | Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by admin_page |
| CVE-2024-47263 | MEDIUM | Patched | 4.1 | 2026-06-03 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-… |
| CVE-2026-10052 | MEDIUM | | 4.1 | 2026-05-29 | A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connec… |
| CVE-2026-42401 | MEDIUM | Patched | 4.1 | 2026-05-28 | Improper Neutralization of Input During Web Page Generation (CWE-79) in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could p… |
| CVE-2026-48136 | MEDIUM | | 4.1 | 2026-05-26 | When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored me… |
| CVE-2026-8736 | MEDIUM | | 4.1 | 2026-05-17 | A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the compo… |
| CVE-2026-11479 | MEDIUM | | 4.2 | 2026-06-08 | A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Suc… |
| CVE-2026-48104 | MEDIUM | Patched | 4.2 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely … |
| CVE-2026-9986 | MEDIUM | Patched | 4.2 | 2026-05-28 | Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process … |
| CVE-2026-48522 | MEDIUM | Patched | 4.2 | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's def… |