14,631 CVEs · Low severity
CVEs (14,631, showing first 500)
Showing 326–350 of 14,631 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-37137 | LOW | Patched | 3.8 | 2024-06-28 | Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentiall… |
| CVE-2024-39156 | LOW | | 3.8 | 2024-06-27 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add. |
| CVE-2024-39157 | LOW | | 3.8 | 2024-06-27 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1. |
| CVE-2024-32855 | LOW | Patched | 3.8 | 2024-06-25 | Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially… |
| CVE-2024-37885 | LOW | Patched | 3.8 | 2024-06-14 | The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load… |
| CVE-2024-36287 | LOW | Patched | 3.8 | 2024-06-14 | Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. |
| CVE-2023-38420 | LOW | | 3.8 | 2024-05-16 | Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2024-35039 | LOW | | 3.8 | 2024-05-16 | idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area. |
| CVE-2023-5937 | LOW | | 3.8 | 2024-05-15 | On Windows systems, the Arc configuration files resulted to be world-readable. This can lead to information disclosure by local attackers, via exfiltration of sensitive … |
| CVE-2024-34218 | LOW | | 3.8 | 2024-05-14 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. |
| CVE-2024-34203 | LOW | | 3.8 | 2024-05-14 | TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function. |
| CVE-2024-3628 | LOW | | 3.8 | 2024-05-07 | The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site S… |
| CVE-2024-3076 | LOW | Patched | 3.8 | 2024-04-26 | The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to m… |
| CVE-2024-2972 | LOW | Patched | 3.8 | 2024-04-24 | The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and … |
| CVE-2024-32314 | LOW | | 3.8 | 2024-04-17 | Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerability in the formexeCommand function via the cmdinput parameter. |
| CVE-2024-21000 | LOW | Patched | 3.8 | 2024-04-16 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 a… |
| CVE-2024-3270 | LOW | Patched | 3.8 | 2024-04-03 | A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. This vulnerability affects unknown code of the component AdvancedFeature. The manipulation l… |
| CVE-2024-29948 | LOW | | 3.8 | 2024-04-02 | There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could exploit this vulnerability by sending specially crafted messages to a v… |
| CVE-2024-29196 | LOW | Patched | 3.8 | 2024-03-26 | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows at… |
| CVE-2024-1742 | LOW | Patched | 3.8 | 2024-03-22 | Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and… |
| CVE-2024-0173 | LOW | Patched | 3.8 | 2024-03-13 | Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploi… |
| CVE-2024-0154 | LOW | Patched | 3.8 | 2024-03-13 | Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploi… |
| CVE-2024-2317 | LOW | Patched | 3.8 | 2024-03-08 | A vulnerability was found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This issue affects some unknown processing of the file /prescription/… |
| CVE-2023-52584 | LOW | Patched | 3.8 | 2024-03-06 | In the Linux kernel, the following vulnerability has been resolved: spmi: mediatek: Fix UAF on device remove The pmif driver data that contains the clocks is allocated al… |
| CVE-2023-42419 | LOW | Patched | 3.8 | 2024-03-05 | Maintenance Server, in Cybellum's QCOW air-gapped distribution (China Edition), versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key. An… |