14,626 CVEs · Low severity
CVEs (14,626, showing first 500)
Showing 401–425 of 14,626 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-41403 | LOW | Patched | 2.9 | 2026-04-28 | OpenClaw before 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer when allowRemoteViewer is disabled, allowing unauthorized access… |
| CVE-2026-41357 | LOW | Patched | 3.3 | 2026-04-23 | OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attacke… |
| CVE-2026-41354 | LOW | Patched | 3.7 | 2026-04-23 | OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows legitimate events from different conversations or sende… |
| CVE-2026-41333 | LOW | Patched | 3.7 | 2026-04-23 | OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake dev… |
| CVE-2026-41321 | LOW | Patched | 2.2 | 2026-04-24 | @astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch() call for remote images in packages/integrations/cloudflare/src/… |
| CVE-2026-41263 | LOW | Patched | 3.7 | 2026-04-30 | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth m… |
| CVE-2026-4115 | LOW | | 3.7 | 2026-03-22 | A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation … |
| CVE-2026-41080 | LOW | Patched | 2.9 | 2026-04-16 | libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. |
| CVE-2026-40969 | LOW | Patched | 3.7 | 2026-04-28 | The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obt… |
| CVE-2026-40963 | LOW | Patched | 3.1 | 2026-06-01 | The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those link… |
| CVE-2026-40947 | LOW | Patched | 2.9 | 2026-04-16 | Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path. |
| CVE-2026-40686 | LOW | Patched | 3.7 | 2026-04-30 | In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Informa… |
| CVE-2026-4053 | LOW | Patched | 3.1 | 2026-05-15 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post… |
| CVE-2026-40528 | LOW | Patched | 3.8 | 2026-05-29 | OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows… |
| CVE-2026-40510 | LOW | Patched | 3.8 | 2026-05-29 | OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physicall… |
| CVE-2026-40505 | LOW | Patched | 3.3 | 2026-04-16 | MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. At… |
| CVE-2026-4045 | LOW | | 3.7 | 2026-03-12 | A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldap_emai… |
| CVE-2026-4044 | LOW | | 3.8 | 2026-03-12 | A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a ma… |
| CVE-2026-4040 | LOW | Patched | 3.3 | 2026-03-12 | A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation le… |
| CVE-2026-40354 | LOW | Patched | 2.9 | 2026-04-11 | Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on g_file_trash. |
| CVE-2026-40341 | LOW | | 3.5 | 2026-04-18 | libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgpho… |
| CVE-2026-40336 | LOW | | 2.4 | 2026-04-18 | libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884… |
| CVE-2026-40334 | LOW | | 3.5 | 2026-04-18 | libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pac… |
| CVE-2026-40279 | LOW | Patched | 3.7 | 2026-04-21 | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in src/bacnet/bacint.c reconstructs a 32-bit signed in… |
| CVE-2026-40264 | LOW | Patched | 2.7 | 2026-04-21 | OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token a… |