Search
14,631 CVEs · Low severity
CVEs (14,631, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 301–325 of 14,631 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-4512 | LOW | Patched | 3.5 | 2026-04-23 | The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecap… |
| CVE-2026-45076 | LOW | Patched | 2.7 | 2026-05-28 | Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Sy… |
| CVE-2026-44996 | LOW | Patched | 3.7 | 2026-05-11 | OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks.… |
| CVE-2026-44987 | LOW | Patched | 3.8 | 2026-05-08 | SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Su… |
| CVE-2026-4495 | LOW | 3.5 | 2026-03-20 | A security flaw has been discovered in atjiu pybbs 6.0.0. This impacts the function create of the file src/main/java/co/yiiu/pybbs/controller/api/CommentApiController.java.… | |
| CVE-2026-4494 | LOW | 3.5 | 2026-03-20 | A vulnerability was identified in atjiu pybbs 6.0.0. This affects the function create of the file src/main/java/co/yiiu/pybbs/controller/api/TopicApiController.java. The ma… | |
| CVE-2026-44928 | LOW | Patched | 2.9 | 2026-05-08 | In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal. |
| CVE-2026-44927 | LOW | Patched | 2.9 | 2026-05-08 | In uriparser before 1.0.2, there is pointer difference truncation to int in various places. |
| CVE-2026-44916 | LOW | Patched | 3.0 | 2026-05-08 | In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing. |
| CVE-2026-4477 | LOW | 3.1 | 2026-03-20 | A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation c… | |
| CVE-2026-44743 | LOW | 3.7 | 2026-06-09 | Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on… | |
| CVE-2026-4474 | LOW | 2.4 | 2026-03-20 | A flaw has been found in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_single_student_update.php. This manipulation of t… | |
| CVE-2026-44658 | LOW | Patched | 2.4 | 2026-05-11 | Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed ar… |
| CVE-2026-44638 | LOW | Patched | 2.5 | 2026-05-14 | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_… |
| CVE-2026-44603 | LOW | Patched | 3.7 | 2026-05-07 | Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007. |
| CVE-2026-44602 | LOW | Patched | 3.7 | 2026-05-07 | Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006. |
| CVE-2026-44601 | LOW | Patched | 3.7 | 2026-05-07 | Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009. |
| CVE-2026-44600 | LOW | Patched | 3.7 | 2026-05-07 | Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010. |
| CVE-2026-44599 | LOW | Patched | 3.7 | 2026-05-07 | Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008. |
| CVE-2026-44597 | LOW | Patched | 3.7 | 2026-05-07 | Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011. |
| CVE-2026-44589 | LOW | Patched | 3.7 | 2026-05-14 | Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl() denylist introduced in nuxt-og-image@6.2.5 to remediate GHSA-pqhr-mp3f-hrpp (Dmitry Prokhor… |
| CVE-2026-44582 | LOW | Patched | 3.7 | 2026-05-13 | Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache… |
| CVE-2026-44572 | LOW | Patched | 3.7 | 2026-05-13 | Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a n… |
| CVE-2026-44546 | LOW | Patched | 3.7 | 2026-06-03 | daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, … |
| CVE-2026-44474 | LOW | Patched | 3.7 | 2026-05-27 | Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33… |