Search
554 CVEs · Medium severity
CVEs (554, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 1–25 of 554 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-10301 | MEDIUM | 4.3 | 2026-06-02 | A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the… | |
| CVE-2026-10302 | MEDIUM | 6.3 | 2026-06-02 | A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /manage_fee.php. Executing a manipulation of the a… | |
| CVE-2026-9048 | MEDIUM | 4.3 | 2026-06-02 | The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it … | |
| CVE-2026-9050 | MEDIUM | 4.3 | 2026-06-02 | The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not prope… | |
| CVE-2026-10548 | MEDIUM | 5.3 | 2026-06-02 | A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/cr… | |
| CVE-2026-10550 | MEDIUM | 6.3 | 2026-06-02 | A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. Thi… | |
| CVE-2026-10558 | MEDIUM | 6.3 | 2026-06-02 | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an unknown function of the file /admin/index.php. Performing a manipulation of the … | |
| CVE-2026-10559 | MEDIUM | 6.3 | 2026-06-02 | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an unknown function of the file /index.php. Executing a manipulation of the ar… | |
| CVE-2026-10100 | MEDIUM | 4.4 | 2026-06-02 | The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields (Page Background, Form Background, Text Color, … | |
| CVE-2026-10510 | MEDIUM | 6.1 | 2026-06-02 | Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows re… | |
| CVE-2026-10566 | MEDIUM | 5.3 | 2026-06-02 | A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a … | |
| CVE-2026-10568 | MEDIUM | 6.3 | 2026-06-02 | A vulnerability was detected in itsourcecode Fees Management System 1.0. Affected is an unknown function of the file /manage_payment.php. The manipulation of the argument I… | |
| CVE-2026-3722 | MEDIUM | 6.4 | 2026-06-02 | The Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th… | |
| CVE-2026-3870 | MEDIUM | 6.5 | 2026-06-02 | A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to tr… | |
| CVE-2026-3871 | MEDIUM | 6.5 | 2026-06-02 | A buffer overflow vulnerability in the UPnP DeletePortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to… | |
| CVE-2026-10581 | MEDIUM | 6.3 | 2026-06-02 | A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argume… | |
| CVE-2026-10583 | MEDIUM | 4.7 | 2026-06-02 | A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of… | |
| CVE-2026-3198 | MEDIUM | 6.5 | 2026-06-02 | MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HA… | |
| CVE-2025-5085 | MEDIUM | 5.5 | 2026-06-02 | The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole_link’ parameter in all versions up to, and including, 1.31 due to insuffi… | |
| CVE-2026-1450 | MEDIUM | 6.1 | 2026-06-02 | The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, 0.6.2 due to insufficient input … | |
| CVE-2026-1451 | MEDIUM | 6.1 | 2026-06-02 | The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' parameter in versions up to, and including, 0.6.2 due to insufficient input san… | |
| CVE-2026-2382 | MEDIUM | 6.4 | 2026-06-02 | The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpw_fs_get_file' AJAX action in all versions up… | |
| CVE-2026-2425 | MEDIUM | 6.1 | 2026-06-02 | The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'new_domain' parameter in all versions up to, and including, 2.0.0.1… | |
| CVE-2026-3620 | MEDIUM | 4.4 | 2026-06-02 | The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This is due t… | |
| CVE-2026-4071 | MEDIUM | 4.3 | 2026-06-02 | The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the bi… |