14,631 CVEs · Low severity
CVEs (14,631, showing first 500)
Showing 326–350 of 14,631 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-44459 | LOW | Patched | 3.8 | 2026-05-13 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat … |
| CVE-2026-44410 | LOW | | 3.8 | 2026-05-26 | This vulnerability stems from a business logic flaw. Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's ex… |
| CVE-2026-44405 | LOW | | 3.4 | 2026-05-06 | In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm. |
| CVE-2026-44367 | LOW | Patched | 2.7 | 2026-06-02 | Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms d… |
| CVE-2026-44348 | LOW | Patched | 2.5 | 2026-05-14 | PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_R… |
| CVE-2026-44278 | LOW | Patched | 2.3 | 2026-05-12 | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to informatio… |
| CVE-2026-44242 | LOW | Patched | 3.7 | 2026-05-12 | Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Prior to 4.10.22, the bundleCache is keyed by … |
| CVE-2026-44220 | LOW | Patched | 3.2 | 2026-05-12 | ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1, the discover_pipeline_files() function in src/ciguard/discovery.py walks a directory tree fo… |
| CVE-2026-44219 | LOW | Patched | 3.7 | 2026-05-12 | ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 to 0.8.1, both SCA HTTP clients (src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife… |
| CVE-2026-44218 | LOW | Patched | 3.0 | 2026-05-12 | ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io/jo-jo98/ciguard container image inherits the default root user because … |
| CVE-2026-44075 | LOW | | 3.7 | 2026-05-21 | A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulti… |
| CVE-2026-44074 | LOW | | 3.7 | 2026-05-21 | Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which … |
| CVE-2026-44072 | LOW | | 3.0 | 2026-05-21 | Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended… |
| CVE-2026-44071 | LOW | | 3.7 | 2026-05-21 | Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cau… |
| CVE-2026-44070 | LOW | | 3.1 | 2026-05-21 | An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service vi… |
| CVE-2026-44069 | LOW | | 3.9 | 2026-05-21 | An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a … |
| CVE-2026-44057 | LOW | | 3.1 | 2026-05-21 | A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, whic… |
| CVE-2026-43969 | LOW | Patched | 3.2 | 2026-05-11 | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie nam… |
| CVE-2026-43964 | LOW | Patched | 3.7 | 2026-05-04 | Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the… |
| CVE-2026-43864 | LOW | Patched | 2.5 | 2026-05-04 | mutt before 2.3.2 has a show_sig_summary NULL pointer dereference. |
| CVE-2026-43863 | LOW | Patched | 3.7 | 2026-05-04 | mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c. |
| CVE-2026-43862 | LOW | Patched | 3.7 | 2026-05-04 | In mutt before 2.3.2, the imap_auth_gss security level is mishandled. |
| CVE-2026-43861 | LOW | Patched | 3.7 | 2026-05-04 | mutt before 2.3.2 does not check for '\0' in url_pct_decode. |
| CVE-2026-43860 | LOW | Patched | 3.7 | 2026-05-04 | mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest. |
| CVE-2026-43859 | LOW | Patched | 3.7 | 2026-05-04 | mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest. |