2,392 CVEs · Low severity
CVEs (2,392, showing first 500)
Showing 226–250 of 2,392 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2025-62312 | LOW | | 3.0 | 2026-05-14 | HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potent… |
| CVE-2025-62309 | LOW | | 2.6 | 2026-05-14 | HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the brow… |
| CVE-2026-6638 | LOW | Patched | 3.7 | 2026-05-14 | SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription'… |
| CVE-2026-7471 | LOW | Patched | 3.5 | 2026-05-14 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authen… |
| CVE-2026-6883 | LOW | Patched | 2.6 | 2026-05-14 | GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authen… |
| CVE-2026-2900 | LOW | Patched | 2.7 | 2026-05-14 | GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level approva… |
| CVE-2026-33585 | LOW | Patched | 3.8 | 2026-05-13 | Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an… |
| CVE-2026-30904 | LOW | Patched | 1.8 | 2026-05-13 | Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access. |
| CVE-2026-44582 | LOW | Patched | 3.7 | 2026-05-13 | Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache… |
| CVE-2026-44572 | LOW | Patched | 3.7 | 2026-05-13 | Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a n… |
| CVE-2026-44459 | LOW | Patched | 3.8 | 2026-05-13 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat … |
| CVE-2026-8200 | LOW | Patched | 2.7 | 2026-05-13 | When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all use… |
| CVE-2026-44242 | LOW | Patched | 3.7 | 2026-05-12 | Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Prior to 4.10.22, the bundleCache is keyed by … |
| CVE-2026-44220 | LOW | Patched | 3.2 | 2026-05-12 | ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1, the discover_pipeline_files() function in src/ciguard/discovery.py walks a directory tree fo… |
| CVE-2026-44219 | LOW | Patched | 3.7 | 2026-05-12 | ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 to 0.8.1, both SCA HTTP clients (src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife… |
| CVE-2026-44218 | LOW | Patched | 3.0 | 2026-05-12 | ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io/jo-jo98/ciguard container image inherits the default root user because … |
| CVE-2026-42445 | LOW | Patched | 3.3 | 2026-05-12 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in Nana… |
| CVE-2026-42444 | LOW | Patched | 3.3 | 2026-05-12 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. T… |
| CVE-2026-42443 | LOW | Patched | 3.3 | 2026-05-12 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulne… |
| CVE-2026-42442 | LOW | Patched | 3.3 | 2026-05-12 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vuln… |
| CVE-2026-42355 | LOW | Patched | 3.3 | 2026-05-12 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZi… |
| CVE-2026-34685 | LOW | Patched | 3.4 | 2026-05-12 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system wri… |
| CVE-2026-44278 | LOW | Patched | 2.3 | 2026-05-12 | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to informatio… |
| CVE-2026-20793 | LOW | Patched | 3.3 | 2026-05-12 | Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged s… |
| CVE-2026-43514 | LOW | Patched | 3.7 | 2026-05-12 | Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 th… |