14,626 CVEs · Low severity
CVEs (14,626, showing first 500)
Showing 426–450 of 14,626 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-40263 | LOW | Patched | 3.7 | 2026-04-17 | Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username … |
| CVE-2026-40228 | LOW | | 2.9 | 2026-04-10 | In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set. |
| CVE-2026-40194 | LOW | Patched | 3.7 | 2026-04-10 | phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator … |
| CVE-2026-40184 | LOW | Patched | 3.7 | 2026-04-10 | TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requiring authentication. This vulnerability is fixed in 2.7.2. |
| CVE-2026-40131 | LOW | | 3.4 | 2026-05-12 | SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared st… |
| CVE-2026-4012 | LOW | | 3.3 | 2026-03-12 | A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read_ of the file src/fe.c. This manipulation … |
| CVE-2026-40109 | LOW | Patched | 3.1 | 2026-04-09 | Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notificati… |
| CVE-2026-4010 | LOW | | 3.3 | 2026-03-12 | A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. The affected element is the function pkByteBufferAddString. The manipu… |
| CVE-2026-40097 | LOW | Patched | 3.7 | 2026-04-10 | Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-o… |
| CVE-2026-4009 | LOW | | 3.3 | 2026-03-12 | A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h … |
| CVE-2026-40077 | LOW | Patched | 3.5 | 2026-04-09 | Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the u… |
| CVE-2026-40020 | LOW | Patched | 3.1 | 2026-05-12 | Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to a… |
| CVE-2026-39967 | LOW | Patched | 3.1 | 2026-05-22 | TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's findResult query does not filter results by typebotId, allowing an authenticated user … |
| CVE-2026-3984 | LOW | | 3.5 | 2026-03-12 | A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file save_up_athle… |
| CVE-2026-3983 | LOW | | 3.5 | 2026-03-12 | A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The… |
| CVE-2026-39824 | LOW | | 3.3 | 2026-05-22 | NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), i… |
| CVE-2026-3963 | LOW | | 3.7 | 2026-03-11 | A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroCon… |
| CVE-2026-39510 | LOW | | 2.7 | 2026-04-08 | Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly … |
| CVE-2026-3950 | LOW | | 3.3 | 2026-03-11 | A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. … |
| CVE-2026-3949 | LOW | | 3.3 | 2026-03-11 | A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component … |
| CVE-2026-3946 | LOW | | 3.5 | 2026-03-11 | A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askco… |
| CVE-2026-39419 | LOW | Patched | 3.1 | 2026-04-14 | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution result… |
| CVE-2026-39396 | LOW | Patched | 3.1 | 2026-04-21 | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `ExtractPluginFromImage()` in OpenBao's OCI plugin downloader extracts a plugin … |
| CVE-2026-39388 | LOW | Patched | 3.1 | 2026-04-21 | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested a… |
| CVE-2026-39349 | LOW | Patched | 2.7 | 2026-04-07 | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which pr… |