Search
554 CVEs · Medium severity
CVEs (554, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 1–25 of 554 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-10998 | MEDIUM | Patched | 4.0 | 2026-06-04 | Out of bounds read in Media in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform an out of bounds memory read via malicious n… |
| CVE-2019-25734 | MEDIUM | 4.0 | 2026-06-04 | Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary … | |
| CVE-2021-4479 | MEDIUM | 4.0 | 2026-06-02 | Dräger Atlan A350 software versions 1.00 through 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specif… | |
| CVE-2019-25723 | MEDIUM | 4.0 | 2026-06-02 | Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sen… | |
| CVE-2026-37700 | MEDIUM | 4.1 | 2026-06-03 | Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by admin_page | |
| CVE-2024-47263 | MEDIUM | Patched | 4.1 | 2026-06-03 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-… |
| CVE-2026-11479 | MEDIUM | 4.2 | 2026-06-08 | A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Suc… | |
| CVE-2026-48104 | MEDIUM | Patched | 4.2 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely … |
| CVE-2026-11554 | MEDIUM | 4.3 | 2026-06-08 | A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulatio… | |
| CVE-2026-11518 | MEDIUM | 4.3 | 2026-06-08 | A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The man… | |
| CVE-2026-11512 | MEDIUM | 4.3 | 2026-06-08 | A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. This issue affects some unknown processing of the file /billing.php. The manipula… | |
| CVE-2026-11494 | MEDIUM | 4.3 | 2026-06-08 | A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The ma… | |
| CVE-2026-11492 | MEDIUM | 4.3 | 2026-06-08 | A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performin… | |
| CVE-2026-11477 | MEDIUM | 4.3 | 2026-06-08 | A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/ma… | |
| CVE-2026-11436 | MEDIUM | 4.3 | 2026-06-06 | A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mage_ai/frontend/components/Sessions/SignForm/index.tsx of the compo… | |
| CVE-2026-7624 | MEDIUM | 4.3 | 2026-06-06 | The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not prope… | |
| CVE-2026-8611 | MEDIUM | 4.3 | 2026-06-06 | The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoice_id' par… | |
| CVE-2026-9008 | MEDIUM | 4.3 | 2026-06-06 | The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelist_unqprfx_ext_shortcode() fun… | |
| CVE-2026-8976 | MEDIUM | 4.3 | 2026-06-06 | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions … | |
| CVE-2026-9719 | MEDIUM | 4.3 | 2026-06-06 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5… | |
| CVE-2026-7047 | MEDIUM | 4.3 | 2026-06-06 | The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect no… | |
| CVE-2026-10038 | MEDIUM | 4.3 | 2026-06-06 | The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Author… | |
| CVE-2026-7523 | MEDIUM | 4.3 | 2026-06-05 | The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that… | |
| CVE-2026-48103 | MEDIUM | Patched | 4.3 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM (Windows Imaging) archive handl… |
| CVE-2026-48111 | MEDIUM | Patched | 4.3 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression f… |