554 CVEs · Medium severity
CVEs (554, showing first 500)
Showing 1–25 of 554 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-11218 | MEDIUM | Patched | 6.8 | 2026-06-04 | Inappropriate implementation in PlatformIntegration in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific … |
| CVE-2026-11166 | MEDIUM | Patched | 6.8 | 2026-06-04 | Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (C… |
| CVE-2026-36175 | MEDIUM | | 6.8 | 2026-06-04 | An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence … |
| CVE-2026-50206 | MEDIUM | Patched | 6.8 | 2026-06-04 | Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files. |
| CVE-2026-7764 | MEDIUM | | 6.8 | 2026-06-04 | An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthenticated attack… |
| CVE-2025-15653 | MEDIUM | | 6.8 | 2026-06-02 | Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical … |
| CVE-2026-10805 | MEDIUM | | 6.7 | 2026-06-04 | A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage D… |
| CVE-2026-7566 | MEDIUM | | 6.6 | 2026-06-06 | The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untru… |
| CVE-2026-10544 | MEDIUM | | 6.5 | 2026-06-08 | Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to… |
| CVE-2026-10786 | MEDIUM | | 6.5 | 2026-06-08 | Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configur… |
| CVE-2026-39908 | MEDIUM | | 6.5 | 2026-06-08 | OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by c… |
| CVE-2026-11611 | MEDIUM | | 6.5 | 2026-06-08 | A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading syn… |
| CVE-2026-43951 | MEDIUM | | 6.5 | 2026-06-08 | Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 thr… |
| CVE-2020-37248 | MEDIUM | Patched | 6.5 | 2026-06-08 | OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connecti… |
| CVE-2026-9829 | MEDIUM | | 6.5 | 2026-06-06 | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compact_album_order_by' Shortcode Parameter i… |
| CVE-2026-46357 | MEDIUM | | 6.5 | 2026-06-05 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a … |
| CVE-2026-46397 | MEDIUM | | 6.5 | 2026-06-05 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOu… |
| CVE-2026-48112 | MEDIUM | Patched | 6.5 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap o… |
| CVE-2025-5089 | MEDIUM | | 6.5 | 2026-06-05 | In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server i… |
| CVE-2025-5090 | MEDIUM | | 6.5 | 2026-06-05 | CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this b… |
| CVE-2026-48101 | MEDIUM | Patched | 6.5 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an uninitialized memory disclosure vulnerability in the UEFI capsule (.scap) … |
| CVE-2026-37737 | MEDIUM | | 6.5 | 2026-06-05 | sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anchoring. This … |
| CVE-2025-59174 | MEDIUM | Patched | 6.5 | 2026-06-05 | Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause servic… |
| CVE-2026-25659 | MEDIUM | Patched | 6.5 | 2026-06-05 | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a sp… |
| CVE-2026-25657 | MEDIUM | Patched | 6.5 | 2026-06-05 | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuo… |