Search
14,631 CVEs · Low severity
CVEs (14,631, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 276–300 of 14,631 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-20091 | LOW | Patched | 3.8 | 2025-03-04 | in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited o… |
| CVE-2025-20626 | LOW | Patched | 3.8 | 2025-03-04 | in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited o… |
| CVE-2025-21084 | LOW | Patched | 3.8 | 2025-03-04 | in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. This vulnerability… |
| CVE-2025-20024 | LOW | Patched | 3.8 | 2025-03-04 | in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited… |
| CVE-2025-0587 | LOW | Patched | 3.8 | 2025-03-04 | in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited… |
| CVE-2025-0914 | LOW | Patched | 3.8 | 2025-02-27 | An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where … |
| CVE-2025-25877 | LOW | 3.8 | 2025-02-21 | A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obta… | |
| CVE-2025-25878 | LOW | 3.8 | 2025-02-21 | A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /del.php. The attack can use SQL injection to obtain… | |
| CVE-2024-4028 | LOW | 3.8 | 2025-02-18 | A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permission… | |
| CVE-2024-31144 | LOW | Patched | 3.8 | 2025-02-14 | For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.html#object-model-overview Xapi contains functionality to backup and res… |
| CVE-2024-37020 | LOW | 3.8 | 2025-02-12 | Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially… | |
| CVE-2024-51324 | LOW | 3.8 | 2025-02-11 | An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack. | |
| CVE-2024-13116 | LOW | Patched | 3.8 | 2025-01-27 | The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cr… |
| CVE-2024-13450 | LOW | Patched | 3.8 | 2025-01-25 | The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Sid… |
| CVE-2025-21546 | LOW | Patched | 3.8 | 2025-01-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and p… |
| CVE-2023-42238 | LOW | Patched | 3.8 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php. |
| CVE-2023-42239 | LOW | Patched | 3.8 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php. |
| CVE-2023-42240 | LOW | Patched | 3.8 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/… |
| CVE-2023-42241 | LOW | Patched | 3.8 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_… |
| CVE-2023-42242 | LOW | Patched | 3.8 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php. |
| CVE-2023-42235 | LOW | Patched | 3.8 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_nor… |
| CVE-2023-42236 | LOW | Patched | 3.8 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php. |
| CVE-2023-42237 | LOW | Patched | 3.8 | 2025-01-13 | An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i… |
| CVE-2024-13308 | LOW | Patched | 3.8 | 2025-01-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS).This issu… |
| CVE-2025-22449 | LOW | Patched | 3.8 | 2025-01-09 | Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by upda… |