14,626 CVEs · Low severity
CVEs (14,626, showing first 500)
Showing 401–425 of 14,626 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-21889 | LOW | Patched | 3.8 | 2023-01-18 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6.… |
| CVE-2023-0091 | LOW | | 3.8 | 2023-01-13 | A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or… |
| CVE-2022-37911 | LOW | Patched | 3.8 | 2022-12-12 | Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated atta… |
| CVE-2022-4031 | LOW | Patched | 3.8 | 2022-11-29 | The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly r… |
| CVE-2022-45194 | LOW | Patched | 3.8 | 2022-11-12 | CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure. |
| CVE-2022-30297 | LOW | Patched | 3.8 | 2022-11-11 | Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-39394 | LOW | Patched | 3.8 | 2022-11-10 | Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code`… |
| CVE-2022-20962 | LOW | | 3.8 | 2022-11-04 | A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to th… |
| CVE-2022-33747 | LOW | | 3.8 | 2022-10-11 | Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages a… |
| CVE-2021-36865 | LOW | Patched | 3.8 | 2022-09-30 | Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz. |
| CVE-2022-2256 | LOW | | 3.8 | 2022-09-01 | A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious … |
| CVE-2022-2469 | LOW | Patched | 3.8 | 2022-07-19 | GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client |
| CVE-2022-22450 | LOW | | 3.8 | 2022-07-14 | IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916. |
| CVE-2022-2106 | LOW | | 3.8 | 2022-06-27 | Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specif… |
| CVE-2020-16235 | LOW | Patched | 3.8 | 2022-05-19 | Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained. |
| CVE-2022-29423 | LOW | Patched | 3.8 | 2022-05-06 | Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. |
| CVE-2022-21487 | LOW | Patched | 3.8 | 2022-04-19 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable … |
| CVE-2022-21488 | LOW | Patched | 3.8 | 2022-04-19 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable … |
| CVE-2022-25619 | LOW | Patched | 3.8 | 2022-03-30 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user… |
| CVE-2022-25620 | LOW | Patched | 3.8 | 2022-03-30 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED … |
| CVE-2021-3155 | LOW | Patched | 3.8 | 2022-02-17 | snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read informatio… |
| CVE-2022-24001 | LOW | | 3.8 | 2022-02-11 | Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel. |
| CVE-2022-0473 | LOW | Patched | 3.8 | 2022-02-07 | OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface,… |
| CVE-2021-22799 | LOW | Patched | 3.8 | 2022-01-28 | A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decr… |
| CVE-2022-0333 | LOW | Patched | 3.8 | 2022-01-25 | A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed manager… |