14,631 CVEs · Low severity
CVEs (14,631, showing first 500)
Showing 301–325 of 14,631 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-56321 | LOW | Patched | 3.8 | 2025-01-03 | GoCD is a continuous delivery server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the backup configuration "post-backup script" feature to… |
| CVE-2023-23814 | LOW | | 3.8 | 2024-12-09 | Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects C… |
| CVE-2024-6156 | LOW | Patched | 3.8 | 2024-12-06 | Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store. |
| CVE-2024-6219 | LOW | Patched | 3.8 | 2024-12-06 | Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured. |
| CVE-2024-53502 | LOW | | 3.8 | 2024-12-03 | Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page. |
| CVE-2024-8160 | LOW | Patched | 3.8 | 2024-11-26 | Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command … |
| CVE-2024-5030 | LOW | Patched | 3.8 | 2024-11-18 | The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin… |
| CVE-2024-38660 | LOW | | 3.8 | 2024-11-13 | Protection mechanism failure in the SPP for some Intel(R) Xeon(R) processor family (E-Core) may allow an authenticated user to potentially enable escalation of privilege vi… |
| CVE-2024-25565 | LOW | | 3.8 | 2024-11-13 | Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access. |
| CVE-2024-30142 | LOW | | 3.8 | 2024-11-07 | HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthori… |
| CVE-2024-20528 | LOW | Patched | 3.8 | 2024-11-06 | A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affect… |
| CVE-2024-10228 | LOW | Patched | 3.8 | 2024-10-29 | The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for … |
| CVE-2024-46897 | LOW | Patched | 3.8 | 2024-10-18 | Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of tabl… |
| CVE-2024-21247 | LOW | Patched | 3.8 | 2024-10-15 | Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9… |
| CVE-2024-45599 | LOW | | 3.8 | 2024-09-25 | Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run… |
| CVE-2024-8612 | LOW | | 3.8 | 2024-09-20 | A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complet… |
| CVE-2024-8694 | LOW | Patched | 3.8 | 2024-09-11 | A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the comp… |
| CVE-2024-42425 | LOW | Patched | 3.8 | 2024-09-10 | Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local … |
| CVE-2024-38304 | LOW | Patched | 3.8 | 2024-08-29 | Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with … |
| CVE-2024-5445 | LOW | | 3.8 | 2024-08-12 | Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to per… |
| CVE-2024-41960 | LOW | Patched | 3.8 | 2024-08-05 | mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration.… |
| CVE-2024-39837 | LOW | Patched | 3.8 | 2024-08-01 | Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared chan… |
| CVE-2024-5470 | LOW | Patched | 3.8 | 2024-07-11 | An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` p… |
| CVE-2024-37442 | LOW | Patched | 3.8 | 2024-07-09 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Inje… |
| CVE-2024-39324 | LOW | Patched | 3.8 | 2024-07-02 | aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access … |