Search
14,625 CVEs · Low severity
EOL hidden · Show all products
CVEs (14,625, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 376–400 of 14,625 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-7013 | LOW | Patched | 2.4 | 2026-04-26 | A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mail_send Plugin. The manipulat… |
| CVE-2026-7012 | LOW | Patched | 2.4 | 2026-04-26 | A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument f_all/f_all404 resu… |
| CVE-2026-7011 | LOW | Patched | 2.4 | 2026-04-26 | A weakness has been identified in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the file /admin/plugin_antispam of the component An… |
| CVE-2026-7001 | LOW | 2.4 | 2026-04-25 | A vulnerability was found in Datacom DM4100 1.3.6.1.4.1.3709. This affects an unknown part of the component Ethernet Configuration Page. Performing a manipulation of the ar… | |
| CVE-2026-7000 | LOW | 2.4 | 2026-04-25 | A vulnerability has been found in Datacom DM4100 1.3.6.1.4.1.3709. Affected by this issue is some unknown functionality of the component VLAN Page. Such manipulation of the… | |
| CVE-2026-6999 | LOW | 2.4 | 2026-04-25 | A flaw has been found in BIVOCOM TR321 21.1.1.50. Affected by this vulnerability is an unknown functionality of the component Wireless Setting. This manipulation of the arg… | |
| CVE-2026-6998 | LOW | 2.4 | 2026-04-25 | A vulnerability was detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. Affected is an unknown function of the component New RMON Statistics Page. The manipulation of the a… | |
| CVE-2026-6997 | LOW | 2.4 | 2026-04-25 | A security vulnerability has been detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This impacts an unknown function of the component New RMON History Page. The manipulat… | |
| CVE-2026-6996 | LOW | 2.4 | 2026-04-25 | A weakness has been identified in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This affects an unknown function of the component rmon event Tab. Executing a manipulation of the … | |
| CVE-2026-6995 | LOW | 2.4 | 2026-04-25 | A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User … | |
| CVE-2026-6990 | LOW | 3.5 | 2026-04-25 | A vulnerability was found in projeto-siga siga 11.0.3.18. The affected element is an unknown function of the file /sigawf/app/responsavel/novo. Performing a manipulation of… | |
| CVE-2026-6986 | LOW | Patched | 3.7 | 2026-04-25 | A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt of the file /src/tls_aes128.c of the component… |
| CVE-2026-41488 | LOW | Patched | 3.1 | 2026-04-24 | LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages f… |
| CVE-2026-42040 | LOW | Patched | 3.7 | 2026-04-24 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode() function in lib/helpers/AxiosURLSearchParams.js contains a charac… |
| CVE-2026-41321 | LOW | Patched | 2.2 | 2026-04-24 | @astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch() call for remote images in packages/integrations/cloudflare/src/… |
| CVE-2026-31051 | LOW | 3.8 | 2026-04-24 | An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component | |
| CVE-2026-41357 | LOW | Patched | 3.3 | 2026-04-23 | OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attacke… |
| CVE-2026-41354 | LOW | Patched | 3.7 | 2026-04-23 | OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows legitimate events from different conversations or sende… |
| CVE-2026-41333 | LOW | Patched | 3.7 | 2026-04-23 | OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake dev… |
| CVE-2026-2708 | LOW | 3.7 | 2026-04-23 | A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c uncon… | |
| CVE-2026-4512 | LOW | Patched | 3.5 | 2026-04-23 | The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecap… |
| CVE-2026-41988 | LOW | Patched | 3.2 | 2026-04-23 | uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very common… |
| CVE-2026-1272 | LOW | 2.7 | 2026-04-23 | IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel. | |
| CVE-2026-34067 | LOW | Patched | 3.1 | 2026-04-22 | nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryTreeProof::verify` panics on a malformed pro… |
| CVE-2026-3254 | LOW | Patched | 3.5 | 2026-04-22 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to lo… |