Export limit exceeded: 352824 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352824 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-48901 | 2026-05-26 | N/A | ||
| The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key. | ||||
| CVE-2026-42000 | 1 Powerdns | 1 Authoritative | 2026-05-26 | 6.8 Medium |
| Insufficient Validation of Names During AXFR | ||||
| CVE-2026-9564 | 2 Oretnom23, Sourcecodester | 2 Hospitals Patient Records Management System, Hospitals Patient Records Management System | 2026-05-26 | 2.4 Low |
| A vulnerability was found in SourceCodester/oretnom23 Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /admin/?page=patients/view_patient. Performing a manipulation of the argument Remarks results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2026-44214 | 2026-05-26 | 5.8 Medium | ||
| eventsource-encoder encodes events as well-formed EventSource/Server Sent Event (SSE) messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Events line terminators (\n, \r, or \r\n) and thereby forge additional SSE fields or entire messages on the stream. This vulnerability is fixed in 1.0.2. | ||||
| CVE-2026-25426 | 2026-05-26 | 5.3 Medium | ||
| Missing Authorization vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 2.0.1. | ||||
| CVE-2026-24520 | 2026-05-26 | 4.3 Medium | ||
| Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24. | ||||
| CVE-2026-25444 | 2026-05-26 | 4.3 Medium | ||
| Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9. | ||||
| CVE-2026-24195 | 2026-05-26 | 7.1 High | ||
| NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-24182 | 2026-05-26 | 6.5 Medium | ||
| NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-24199 | 2026-05-26 | 4.7 Medium | ||
| NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor memory instructions. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-24196 | 2026-05-26 | 7.1 High | ||
| NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service and information disclosure. | ||||
| CVE-2026-24194 | 2026-05-26 | 7.8 High | ||
| NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. | ||||
| CVE-2026-24162 | 1 Nvidia | 1 Merlin Transformers4rec | 2026-05-26 | 7.8 High |
| NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. | ||||
| CVE-2026-9575 | 1 Itsourcecode | 1 Student Transcript Processing System | 2026-05-26 | 7.3 High |
| A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-46431 | 2026-05-26 | 4.3 Medium | ||
| Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server's Access-Control-Allow-Origin response header was hardcoded to the wildcard * regardless of the caller's Origin. Because EventSource does not preflight and does not send cookies, the wildcard is sufficient to let any third-party page the developer visits open a cross-origin EventSource to the SSE port and read the live filename stream from JavaScript. This vulnerability is fixed in 1.17.7. | ||||
| CVE-2026-46430 | 2026-05-26 | 4.3 Medium | ||
| Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort("", ":5553") resolves to ":5553". This vulnerability is fixed in 1.17.7. | ||||
| CVE-2026-42001 | 1 Powerdns | 1 Authoritative | 2026-05-26 | 7.5 High |
| Insufficient Validation of Autoprimary SOA Queries | ||||
| CVE-2026-42002 | 1 Powerdns | 1 Authoritative | 2026-05-26 | 5.9 Medium |
| Concurrency and locking defects in GSS-TSIG | ||||
| CVE-2026-24212 | 1 Nvidia | 1 Isaac Launchable | 2026-05-26 | 7.5 High |
| NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2026-2264 | 1 Google | 1 Cloud Apigee-x | 2026-05-26 | N/A |
| A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API proxy. | ||||