2,481 CVEs · Medium severity
CVEs (2,481, showing first 500)
Showing 1–25 of 2,481 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-46361 | MEDIUM | Patched | 6.9 | 2026-05-15 | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, d… |
| CVE-2026-11218 | MEDIUM | Patched | 6.8 | 2026-06-04 | Inappropriate implementation in PlatformIntegration in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific … |
| CVE-2026-11166 | MEDIUM | Patched | 6.8 | 2026-06-04 | Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (C… |
| CVE-2026-36175 | MEDIUM | | 6.8 | 2026-06-04 | An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence … |
| CVE-2026-50206 | MEDIUM | Patched | 6.8 | 2026-06-04 | Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files. |
| CVE-2026-7764 | MEDIUM | | 6.8 | 2026-06-04 | An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthenticated attack… |
| CVE-2025-15653 | MEDIUM | | 6.8 | 2026-06-02 | Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical … |
| CVE-2026-0086 | MEDIUM | | 6.8 | 2026-06-01 | In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privile… |
| CVE-2026-0048 | MEDIUM | | 6.8 | 2026-06-01 | In hide of WindowState.java, there is a possible way to trick the user into approving permissions due to a tapjacking/overlay attack. This could lead to local escalation of… |
| CVE-2026-45810 | MEDIUM | Patched | 6.8 | 2026-06-01 | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a re… |
| CVE-2026-9673 | MEDIUM | Patched | 6.8 | 2026-05-28 | Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can i… |
| CVE-2026-9802 | MEDIUM | | 6.8 | 2026-05-28 | A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This … |
| CVE-2026-44247 | MEDIUM | Patched | 6.8 | 2026-05-27 | Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP re… |
| CVE-2026-48545 | MEDIUM | Patched | 6.8 | 2026-05-27 | Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-le… |
| CVE-2026-9617 | MEDIUM | Patched | 6.8 | 2026-05-27 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If… |
| CVE-2026-9704 | MEDIUM | | 6.8 | 2026-05-27 | A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the Tok… |
| CVE-2024-11399 | MEDIUM | Patched | 6.8 | 2026-05-27 | Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduc… |
| CVE-2026-44707 | MEDIUM | Patched | 6.8 | 2026-05-26 | Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover (Pre-ATO) vulnerability existed in Chatwoot's authentication flow. Because ema… |
| CVE-2018-25361 | MEDIUM | | 6.8 | 2026-05-25 | Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries us… |
| CVE-2026-42000 | MEDIUM | Patched | 6.8 | 2026-05-21 | Insufficient Validation of Names During AXFR |
| CVE-2026-39311 | MEDIUM | Patched | 6.8 | 2026-05-20 | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical se… |
| CVE-2026-20171 | MEDIUM | | 6.8 | 2026-05-20 | A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalo… |
| CVE-2026-45585 | MEDIUM | | 6.8 | 2026-05-20 | Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been… |
| CVE-2026-35593 | MEDIUM | Patched | 6.8 | 2026-05-20 | Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable … |
| CVE-2026-33741 | MEDIUM | Patched | 6.8 | 2026-05-19 | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachme… |