Search
14,631 CVEs · Low severity
CVEs (14,631, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 401–425 of 14,631 (capped at 500)
| CVE ID | Severity ↑ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-4512 | LOW | Patched | 3.5 | 2026-04-23 | The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecap… |
| CVE-2026-41988 | LOW | Patched | 3.2 | 2026-04-23 | uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very common… |
| CVE-2026-1272 | LOW | 2.7 | 2026-04-23 | IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel. | |
| CVE-2026-34067 | LOW | Patched | 3.1 | 2026-04-22 | nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryTreeProof::verify` panics on a malformed pro… |
| CVE-2026-35381 | LOW | Patched | 3.3 | 2026-04-22 | A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z (null-terminated) and -d '' (empty delimite… |
| CVE-2026-3254 | LOW | Patched | 3.5 | 2026-04-22 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to lo… |
| CVE-2026-35375 | LOW | Patched | 3.3 | 2026-04-22 | A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation ut… |
| CVE-2026-35377 | LOW | 3.3 | 2026-04-22 | A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S (split-string) option. In GNU env, bac… | |
| CVE-2026-35378 | LOW | Patched | 3.3 | 2026-04-22 | A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phas… |
| CVE-2026-35379 | LOW | Patched | 3.3 | 2026-04-22 | A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly in… |
| CVE-2026-35373 | LOW | 3.3 | 2026-04-22 | A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms (e.g., l… | |
| CVE-2026-35367 | LOW | 3.3 | 2026-04-22 | The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-… | |
| CVE-2026-35371 | LOW | 3.3 | 2026-04-22 | The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses … | |
| CVE-2026-35361 | LOW | Patched | 3.4 | 2026-04-22 | The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility… |
| CVE-2026-35362 | LOW | Patched | 3.6 | 2026-04-22 | The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls… |
| CVE-2026-35353 | LOW | Patched | 3.3 | 2026-04-22 | The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before … |
| CVE-2026-35342 | LOW | Patched | 3.3 | 2026-04-22 | The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty st… |
| CVE-2026-35343 | LOW | Patched | 3.3 | 2026-04-22 | The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to v… |
| CVE-2026-35344 | LOW | 3.3 | 2026-04-22 | The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mim… | |
| CVE-2026-35346 | LOW | Patched | 3.3 | 2026-04-22 | The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), whi… |
| CVE-2025-9957 | LOW | Patched | 2.7 | 2026-04-22 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions … |
| CVE-2026-33596 | LOW | Patched | 3.1 | 2026-04-22 | A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are… |
| CVE-2026-33597 | LOW | Patched | 3.7 | 2026-04-22 | PRSD detection denial of service |
| CVE-2026-33599 | LOW | Patched | 3.1 | 2026-04-22 | A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto… |
| CVE-2026-6842 | LOW | 2.5 | 2026-04-22 | A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.lo… |