14,631 CVEs · Low severity
CVEs (14,631, showing first 500)
Showing 251–275 of 14,631 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-40020 | LOW | Patched | 3.1 | 2026-05-12 | Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to a… |
| CVE-2026-32684 | LOW | | 2.9 | 2026-05-12 | The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information. |
| CVE-2026-41530 | LOW | | 3.3 | 2026-05-12 | The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the a… |
| CVE-2026-40131 | LOW | | 3.4 | 2026-05-12 | SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared st… |
| CVE-2026-45362 | LOW | Patched | 3.2 | 2026-05-12 | Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file. |
| CVE-2026-42188 | LOW | Patched | 2.4 | 2026-05-11 | Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery (SSRF) vulnerability exists in Geyser’s han… |
| CVE-2026-28957 | LOW | Patched | 3.3 | 2026-05-11 | An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5.… |
| CVE-2026-28910 | LOW | Patched | 3.3 | 2026-05-11 | This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to access arbitrary files. |
| CVE-2026-42874 | LOW | Patched | 3.7 | 2026-05-11 | Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.set_cookie() method does not sanitize its string arguments, and in particular will not detect … |
| CVE-2026-43969 | LOW | Patched | 3.2 | 2026-05-11 | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie nam… |
| CVE-2026-44996 | LOW | Patched | 3.7 | 2026-05-11 | OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks.… |
| CVE-2026-44658 | LOW | Patched | 2.4 | 2026-05-11 | Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed ar… |
| CVE-2026-34094 | LOW | Patched | 3.8 | 2026-05-11 | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * be… |
| CVE-2026-8276 | LOW | | 3.7 | 2026-05-11 | A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQ… |
| CVE-2026-8275 | LOW | | 3.7 | 2026-05-11 | A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file modules/zerogod/zerogod_ipp_primitives… |
| CVE-2026-8257 | LOW | Patched | 3.3 | 2026-05-11 | A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the componen… |
| CVE-2026-8262 | LOW | | 2.4 | 2026-05-11 | A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross si… |
| CVE-2026-8256 | LOW | | 2.4 | 2026-05-11 | A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation l… |
| CVE-2026-8253 | LOW | | 2.4 | 2026-05-11 | A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchase_save. The m… |
| CVE-2026-8254 | LOW | | 2.4 | 2026-05-11 | A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/sales_save. The manip… |
| CVE-2026-8255 | LOW | | 2.4 | 2026-05-11 | A weakness has been identified in Devs Palace ERP Online up to 4.0.0. This affects an unknown part of the file /inventory/add_new_customer. This manipulation causes cross s… |
| CVE-2026-8242 | LOW | | 3.7 | 2026-05-10 | A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Perfor… |
| CVE-2026-45186 | LOW | Patched | 2.9 | 2026-05-10 | In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. |
| CVE-2026-8232 | LOW | | 3.5 | 2026-05-10 | A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib_worker_loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the co… |
| CVE-2026-8221 | LOW | | 2.4 | 2026-05-10 | A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scriptin… |