Search
14,631 CVEs · Low severity
CVEs (14,631, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 276–300 of 14,631 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-4577 | LOW | 2.4 | 2026-03-23 | A vulnerability was found in code-projects Exam Form Submission 1.0. The affected element is an unknown function of the file /admin/update_s4.php. Performing a manipulation… | |
| CVE-2026-4576 | LOW | 2.4 | 2026-03-23 | A vulnerability has been found in code-projects Exam Form Submission 1.0. Impacted is an unknown function of the file /admin/update_s5.php. Such manipulation of the argumen… | |
| CVE-2026-4575 | LOW | 2.4 | 2026-03-23 | A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/update_s2.php. This manipulation of the argum… | |
| CVE-2026-45739 | LOW | Patched | 3.1 | 2026-06-04 | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL header… |
| CVE-2026-45683 | LOW | Patched | 3.8 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled… |
| CVE-2026-45613 | LOW | 3.3 | 2026-05-29 | Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by c… | |
| CVE-2026-4549 | LOW | 3.1 | 2026-03-22 | A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the function openCustomerPortal of the file actions/open-customer-portal.ts of t… | |
| CVE-2026-4544 | LOW | 2.4 | 2026-03-22 | A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executin… | |
| CVE-2026-45426 | LOW | Patched | 3.1 | 2026-06-01 | Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server aut… |
| CVE-2026-4541 | LOW | 2.5 | 2026-03-22 | A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signat… | |
| CVE-2026-45403 | LOW | Patched | 2.0 | 2026-05-28 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesyste… |
| CVE-2026-4539 | LOW | 3.3 | 2026-03-22 | A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation resul… | |
| CVE-2026-45362 | LOW | Patched | 3.2 | 2026-05-12 | Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file. |
| CVE-2026-45324 | LOW | 3.3 | 2026-05-29 | Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer o… | |
| CVE-2026-45316 | LOW | Patched | 3.5 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/{id}/pin endpoint performs a write… |
| CVE-2026-45278 | LOW | Patched | 3.3 | 2026-06-01 | Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another web… |
| CVE-2026-45277 | LOW | Patched | 3.3 | 2026-06-01 | Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval w… |
| CVE-2026-45266 | LOW | Patched | 3.5 | 2026-06-01 | Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be m… |
| CVE-2026-45232 | LOW | Patched | 3.1 | 2026-05-20 | Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attac… |
| CVE-2026-4519 | LOW | Patched | 3.3 | 2026-03-20 | The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading das… |
| CVE-2026-45186 | LOW | Patched | 2.9 | 2026-05-10 | In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. |
| CVE-2026-45182 | LOW | Patched | 2.2 | 2026-05-09 | GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because a… |
| CVE-2026-45159 | LOW | Patched | 3.5 | 2026-06-01 | Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.… |
| CVE-2026-45155 | LOW | Patched | 2.6 | 2026-06-01 | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on… |
| CVE-2026-45154 | LOW | Patched | 2.6 | 2026-06-01 | Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was … |