Search
14,631 CVEs · Low severity
CVEs (14,631, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 426–450 of 14,631 (capped at 500)
| CVE ID | Severity ↑ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-22746 | LOW | Patched | 3.7 | 2026-04-22 | Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expi… |
| CVE-2026-6392 | LOW | Patched | 2.7 | 2026-04-22 | Tanium addressed an information disclosure vulnerability in Threat Response. |
| CVE-2026-6408 | LOW | Patched | 2.7 | 2026-04-22 | Tanium addressed an information disclosure vulnerability in Tanium Server. |
| CVE-2026-6416 | LOW | Patched | 2.7 | 2026-04-22 | Tanium addressed an uncontrolled resource consumption vulnerability in Interact. |
| CVE-2026-3307 | LOW | Patched | 2.7 | 2026-04-21 | An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning … |
| CVE-2026-6830 | LOW | 3.3 | 2026-04-21 | nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile… | |
| CVE-2026-35249 | LOW | 3.2 | 2026-04-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerab… | |
| CVE-2026-35250 | LOW | 2.3 | 2026-04-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerab… | |
| CVE-2026-34312 | LOW | Patched | 2.4 | 2026-04-21 | Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privilege… |
| CVE-2026-34268 | LOW | 2.9 | 2026-04-21 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are… | |
| CVE-2026-22014 | LOW | 3.8 | 2026-04-21 | Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Workflow and Business Events). Supported versions that are affected are 12.2.7-1… | |
| CVE-2026-22018 | LOW | 3.7 | 2026-04-21 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that ar… | |
| CVE-2026-22007 | LOW | 2.9 | 2026-04-21 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are… | |
| CVE-2026-22008 | LOW | 3.7 | 2026-04-21 | Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauth… | |
| CVE-2026-22001 | LOW | 2.7 | 2026-04-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and … | |
| CVE-2026-6745 | LOW | 3.5 | 2026-04-21 | A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulatio… | |
| CVE-2026-6743 | LOW | 3.5 | 2026-04-21 | A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the component Calendar. The manipulation leads to cross site scripting. The … | |
| CVE-2026-40279 | LOW | Patched | 3.7 | 2026-04-21 | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in src/bacnet/bacint.c reconstructs a 32-bit signed in… |
| CVE-2026-29179 | LOW | Patched | 3.3 | 2026-04-21 | October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were n… |
| CVE-2026-27937 | LOW | Patched | 3.1 | 2026-04-21 | October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, a reflected Cross-Site Scripting (XSS) vulnerability was identified in the backen… |
| CVE-2025-31958 | LOW | 3.7 | 2026-04-21 | HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers … | |
| CVE-2026-31369 | LOW | 3.2 | 2026-04-21 | PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability | |
| CVE-2026-39388 | LOW | Patched | 3.1 | 2026-04-21 | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested a… |
| CVE-2026-39396 | LOW | Patched | 3.1 | 2026-04-21 | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `ExtractPluginFromImage()` in OpenBao's OCI plugin downloader extracts a plugin … |
| CVE-2026-40264 | LOW | Patched | 2.7 | 2026-04-21 | OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token a… |