14,626 CVEs · Low severity
CVEs (14,626, showing first 500)
Showing 376–400 of 14,626 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-42195 | LOW | Patched | 3.4 | 2026-05-08 | draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab … |
| CVE-2026-4219 | LOW | | 3.3 | 2026-03-16 | A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality … |
| CVE-2026-42188 | LOW | Patched | 2.4 | 2026-05-11 | Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery (SSRF) vulnerability exists in Geyser’s han… |
| CVE-2026-4218 | LOW | | 2.5 | 2026-03-16 | A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component ae… |
| CVE-2026-4217 | LOW | | 2.5 | 2026-03-16 | A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudSt… |
| CVE-2026-42082 | LOW | Patched | 3.7 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP… |
| CVE-2026-42040 | LOW | Patched | 3.7 | 2026-04-24 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode() function in lib/helpers/AxiosURLSearchParams.js contains a charac… |
| CVE-2026-41988 | LOW | Patched | 3.2 | 2026-04-23 | uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very common… |
| CVE-2026-41963 | LOW | | 2.8 | 2026-05-15 | Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2026-41962 | LOW | | 3.6 | 2026-05-15 | Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2026-41913 | LOW | Patched | 3.7 | 2026-04-28 | OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-lim… |
| CVE-2026-4186 | LOW | | 3.5 | 2026-03-16 | A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP… |
| CVE-2026-4175 | LOW | | 3.5 | 2026-03-16 | A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/info… |
| CVE-2026-4174 | LOW | | 3.3 | 2026-03-16 | A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Pa… |
| CVE-2026-4169 | LOW | | 2.4 | 2026-03-16 | A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XM… |
| CVE-2026-4168 | LOW | Patched | 2.4 | 2026-03-16 | A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tce_edit_group.php of the component Group Handler. Such ma… |
| CVE-2026-41663 | LOW | Patched | 3.5 | 2026-05-07 | Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, … |
| CVE-2026-4166 | LOW | | 3.5 | 2026-03-16 | A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument hom… |
| CVE-2026-41659 | LOW | Patched | 2.7 | 2026-05-07 | Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint (members_assignment_data.php) includes hidden profile … |
| CVE-2026-4165 | LOW | | 2.4 | 2026-03-16 | A vulnerability has been found in Worksuite HR, CRM and Project Management up to 5.5.25. The affected element is an unknown function of the file /account/orders/create. The… |
| CVE-2026-4159 | LOW | Patched | 3.3 | 2026-03-19 | 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds h… |
| CVE-2026-41530 | LOW | | 3.3 | 2026-05-12 | The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the a… |
| CVE-2026-41498 | LOW | Patched | 3.3 | 2026-05-08 | Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use #[IsGranted('edit_team')] instead of #[IsGranted('edit', 'team')], ca… |
| CVE-2026-41488 | LOW | Patched | 3.1 | 2026-04-24 | LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages f… |
| CVE-2026-41407 | LOW | Patched | 3.7 | 2026-04-28 | OpenClaw before 2026.4.2 contains a timing side channel vulnerability in shared-secret comparison call sites that use early length-mismatch checks instead of fixed-length c… |