Search
19,363 CVEs
CVEs (19,363, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 1–25 of 19,363 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-52778 | CRITICAL | 9.8 | 2026-06-08 | YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki. The… | |
| CVE-2026-46490 | NONE | Patched | — | 2026-06-08 | samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element… |
| CVE-2026-46486 | NONE | Patched | — | 2026-06-08 | MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a… |
| CVE-2026-11559 | MEDIUM | 6.3 | 2026-06-08 | A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /view_account.php. The manipulation of the argument ID results in… | |
| CVE-2026-11558 | MEDIUM | 6.3 | 2026-06-08 | A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home_salary.php. The manipulation of th… | |
| CVE-2026-11557 | HIGH | 8.8 | 2026-06-08 | A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management… | |
| CVE-2026-11393 | CRITICAL | Patched | 9.0 | 2026-06-08 | Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute… |
| CVE-2026-10787 | NONE | — | 2026-06-08 | Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a cr… | |
| CVE-2026-10786 | NONE | — | 2026-06-08 | Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configur… | |
| CVE-2026-10544 | NONE | — | 2026-06-08 | Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to… | |
| CVE-2026-8913 | NONE | — | 2026-06-08 | A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web man… | |
| CVE-2026-11556 | HIGH | 8.8 | 2026-06-08 | A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management … | |
| CVE-2026-11555 | LOW | 3.7 | 2026-06-08 | A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such m… | |
| CVE-2026-11554 | MEDIUM | 4.3 | 2026-06-08 | A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulatio… | |
| CVE-2026-11553 | HIGH | 8.8 | 2026-06-08 | A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argume… | |
| CVE-2026-11552 | MEDIUM | 5.3 | 2026-06-08 | A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affecte… | |
| CVE-2026-48507 | HIGH | 7.1 | 2026-06-08 | Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to l… | |
| CVE-2026-46481 | HIGH | Patched | 8.3 | 2026-06-08 | OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the… |
| CVE-2026-46314 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to prevent infinite loop v3d_get_extensions() walks a usersp… | |
| CVE-2026-46313 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: fix error pointer dereference In a error path isp->psys is confirmed to be an error… | |
| CVE-2026-46312 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: Set vma_flags in vb2_dma_sg_mmap vb2_dma_contig sets VMA flags VM_DONTEXPAND and VM_… | |
| CVE-2026-46311 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drm_exec to take both locks i.e vm root bo and … | |
| CVE-2026-46310 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we h… | |
| CVE-2026-46309 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise Add validation in xe_vm_madvis… | |
| CVE-2026-46308 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix use-after-free in scpsys_get_bus_protection_legacy() In scpsys_get_bus_protect… |