Search
14,631 CVEs · Low severity
CVEs (14,631, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 226–250 of 14,631 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-30509 | LOW | Patched | 3.8 | 2025-11-11 | Improper input validation for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System … |
| CVE-2025-20622 | LOW | 3.8 | 2025-11-11 | Sensitive information uncleared in resource before release for reuse for some Intel(R) NPU Drivers for Windows before version 32.0.100.4023 within Ring 3: User Applications… | |
| CVE-2025-64350 | LOW | 3.8 | 2025-10-31 | Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec… | |
| CVE-2025-10931 | LOW | Patched | 3.8 | 2025-10-30 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Umami Analytics allows Cross-Site Scripting (XSS).This issue af… |
| CVE-2025-62794 | LOW | Patched | 3.8 | 2025-10-28 | GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token wou… |
| CVE-2025-61924 | LOW | Patched | 3.8 | 2025-10-16 | PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking… |
| CVE-2025-62412 | LOW | Patched | 3.8 | 2025-10-16 | LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts > Alert Rules page is not properly sanitized, and can be used to in… |
| CVE-2025-8594 | LOW | Patched | 3.8 | 2025-10-14 | The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perf… |
| CVE-2025-58578 | LOW | 3.8 | 2025-10-06 | A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanis… | |
| CVE-2025-10306 | LOW | 3.8 | 2025-10-03 | The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process_backup… | |
| CVE-2025-10871 | LOW | Patched | 3.8 | 2025-09-26 | An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vuln… |
| CVE-2025-58009 | LOW | 3.8 | 2025-09-22 | Missing Authorization vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Exploiting Incorrectly Configured Access Control Security Leve… | |
| CVE-2025-56556 | LOW | 3.8 | 2025-09-11 | An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin … | |
| CVE-2025-8889 | LOW | Patched | 3.8 | 2025-09-09 | The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the … |
| CVE-2025-57807 | LOW | Patched | 3.8 | 2025-09-05 | ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(… |
| CVE-2025-8298 | LOW | Patched | 3.8 | 2025-09-02 | Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers … |
| CVE-2025-3456 | LOW | 3.8 | 2025-08-25 | On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both … | |
| CVE-2025-53971 | LOW | Patched | 3.8 | 2025-08-21 | Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team M… |
| CVE-2025-8013 | LOW | 3.8 | 2025-08-15 | The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' f… | |
| CVE-2025-36581 | LOW | Patched | 3.8 | 2025-08-14 | Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with… |
| CVE-2025-26863 | LOW | 3.8 | 2025-08-12 | Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially… | |
| CVE-2025-48709 | LOW | Patched | 3.8 | 2025-08-07 | BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentia… |
| CVE-2025-46094 | LOW | Patched | 3.8 | 2025-08-04 | LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript. |
| CVE-2025-54085 | LOW | Patched | 3.8 | 2025-07-31 | CVE-2025-54085 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who ha… |
| CVE-2024-36348 | LOW | 3.8 | 2025-07-08 | A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentiall… |