Search
14,631 CVEs · Low severity
CVEs (14,631, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 276–300 of 14,631 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-8220 | LOW | 2.4 | 2026-05-10 | A vulnerability was detected in Devs Palace ERP Online up to 4.0.0. This affects an unknown function of the file /inventory/customer-save. The manipulation results in cross… | |
| CVE-2026-8219 | LOW | 2.4 | 2026-05-10 | A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. The impacted element is an unknown function of the file /inventory/supplier-save. The mani… | |
| CVE-2026-8218 | LOW | 2.4 | 2026-05-10 | A weakness has been identified in Devs Palace ERP Online up to 4.0.0. The affected element is an unknown function of the file /inventory/purchase_return_save. Executing a m… | |
| CVE-2026-45182 | LOW | Patched | 2.2 | 2026-05-09 | GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because a… |
| CVE-2026-8196 | LOW | 3.7 | 2026-05-09 | A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/syste… | |
| CVE-2026-44987 | LOW | Patched | 3.8 | 2026-05-08 | SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Su… |
| CVE-2026-42195 | LOW | Patched | 3.4 | 2026-05-08 | draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab … |
| CVE-2026-32803 | LOW | Patched | 3.3 | 2026-05-08 | Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vu… |
| CVE-2026-44928 | LOW | Patched | 2.9 | 2026-05-08 | In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal. |
| CVE-2026-44927 | LOW | Patched | 2.9 | 2026-05-08 | In uriparser before 1.0.2, there is pointer difference truncation to int in various places. |
| CVE-2026-44916 | LOW | Patched | 3.0 | 2026-05-08 | In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing. |
| CVE-2026-8136 | LOW | 2.4 | 2026-05-08 | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of… | |
| CVE-2026-41498 | LOW | Patched | 3.3 | 2026-05-08 | Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use #[IsGranted('edit_team')] instead of #[IsGranted('edit', 'team')], ca… |
| CVE-2026-8124 | LOW | Patched | 3.3 | 2026-05-08 | A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidx_box_read of the file src/isomedia/box_code_base.c. The manipulation leads t… |
| CVE-2026-8119 | LOW | Patched | 3.3 | 2026-05-08 | A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogs_sbi_stream_find_by_id in the library /lib/sbi/nghttp2-server.c of the component NSSF. Perf… |
| CVE-2026-8088 | LOW | Patched | 3.3 | 2026-05-07 | A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipul… |
| CVE-2026-8084 | LOW | Patched | 3.3 | 2026-05-07 | A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-… |
| CVE-2026-44603 | LOW | Patched | 3.7 | 2026-05-07 | Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007. |
| CVE-2026-44602 | LOW | Patched | 3.7 | 2026-05-07 | Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006. |
| CVE-2026-44601 | LOW | Patched | 3.7 | 2026-05-07 | Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009. |
| CVE-2026-41663 | LOW | Patched | 3.5 | 2026-05-07 | Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, … |
| CVE-2026-41659 | LOW | Patched | 2.7 | 2026-05-07 | Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint (members_assignment_data.php) includes hidden profile … |
| CVE-2026-44600 | LOW | Patched | 3.7 | 2026-05-07 | Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010. |
| CVE-2026-44599 | LOW | Patched | 3.7 | 2026-05-07 | Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008. |
| CVE-2026-44597 | LOW | Patched | 3.7 | 2026-05-07 | Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011. |