273 CVEs · Low severity
Showing 226–250 of 273
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-2900 | LOW | Patched | 2.7 | 2026-05-14 | GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level approva… |
| CVE-2026-33585 | LOW | Patched | 3.8 | 2026-05-13 | Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an… |
| CVE-2026-30904 | LOW | Patched | 1.8 | 2026-05-13 | Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access. |
| CVE-2026-44582 | LOW | Patched | 3.7 | 2026-05-13 | Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache… |
| CVE-2026-44572 | LOW | Patched | 3.7 | 2026-05-13 | Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a n… |
| CVE-2026-44459 | LOW | Patched | 3.8 | 2026-05-13 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat … |
| CVE-2026-8200 | LOW | Patched | 2.7 | 2026-05-13 | When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all use… |
| CVE-2026-44242 | LOW | Patched | 3.7 | 2026-05-12 | Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Prior to 4.10.22, the bundleCache is keyed by … |
| CVE-2026-44220 | LOW | Patched | 3.2 | 2026-05-12 | ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1, the discover_pipeline_files() function in src/ciguard/discovery.py walks a directory tree fo… |
| CVE-2026-44219 | LOW | Patched | 3.7 | 2026-05-12 | ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 to 0.8.1, both SCA HTTP clients (src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife… |
| CVE-2026-44218 | LOW | Patched | 3.0 | 2026-05-12 | ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io/jo-jo98/ciguard container image inherits the default root user because … |
| CVE-2026-42445 | LOW | Patched | 3.3 | 2026-05-12 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in Nana… |
| CVE-2026-42444 | LOW | Patched | 3.3 | 2026-05-12 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. T… |
| CVE-2026-42443 | LOW | Patched | 3.3 | 2026-05-12 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulne… |
| CVE-2026-42442 | LOW | Patched | 3.3 | 2026-05-12 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vuln… |
| CVE-2026-42355 | LOW | Patched | 3.3 | 2026-05-12 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZi… |
| CVE-2026-34685 | LOW | Patched | 3.4 | 2026-05-12 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system wri… |
| CVE-2026-44278 | LOW | Patched | 2.3 | 2026-05-12 | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to informatio… |
| CVE-2026-20793 | LOW | Patched | 3.3 | 2026-05-12 | Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged s… |
| CVE-2026-43514 | LOW | Patched | 3.7 | 2026-05-12 | Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 th… |
| CVE-2026-40020 | LOW | Patched | 3.1 | 2026-05-12 | Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to a… |
| CVE-2026-32684 | LOW | | 2.9 | 2026-05-12 | The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information. |
| CVE-2026-41530 | LOW | | 3.3 | 2026-05-12 | The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the a… |
| CVE-2026-40131 | LOW | | 3.4 | 2026-05-12 | SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared st… |
| CVE-2026-45362 | LOW | Patched | 3.2 | 2026-05-12 | Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file. |