Search
810 CVEs · Low severity
CVEs (810, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 451–475 of 810 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-6622 | LOW | 2.4 | 2026-04-20 | A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\_route=customers/edit/ of the component Custom… | |
| CVE-2026-6619 | LOW | 3.5 | 2026-04-20 | A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx o… | |
| CVE-2026-6611 | LOW | 3.1 | 2026-04-20 | A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoin… | |
| CVE-2024-7083 | LOW | Patched | 3.5 | 2026-04-20 | The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored C… |
| CVE-2026-6610 | LOW | 3.7 | 2026-04-20 | A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Set… | |
| CVE-2026-6600 | LOW | 3.5 | 2026-04-20 | A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/comp… | |
| CVE-2026-6597 | LOW | 2.7 | 2026-04-20 | A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/c… | |
| CVE-2026-6593 | LOW | 3.5 | 2026-04-20 | A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a m… | |
| CVE-2026-6592 | LOW | 3.5 | 2026-04-20 | A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata… | |
| CVE-2026-6570 | LOW | 2.7 | 2026-04-19 | A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing … | |
| CVE-2026-32690 | LOW | Patched | 3.7 | 2026-04-18 | Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not … |
| CVE-2026-40341 | LOW | 3.5 | 2026-04-18 | libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgpho… | |
| CVE-2026-40336 | LOW | 2.4 | 2026-04-18 | libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884… | |
| CVE-2026-40334 | LOW | 3.5 | 2026-04-18 | libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pac… | |
| CVE-2026-33436 | LOW | Patched | 3.1 | 2026-04-17 | Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied fi… |
| CVE-2026-6493 | LOW | 3.5 | 2026-04-17 | A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/[locale]/(auth)/reset-password/components/reset-passwor… | |
| CVE-2026-6486 | LOW | 3.5 | 2026-04-17 | A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Disp… | |
| CVE-2026-35496 | LOW | Patched | 2.7 | 2026-04-17 | A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not… |
| CVE-2026-40263 | LOW | Patched | 3.7 | 2026-04-17 | Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username … |
| CVE-2026-41080 | LOW | Patched | 2.9 | 2026-04-16 | libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. |
| CVE-2026-3155 | LOW | 3.1 | 2026-04-16 | The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the plugin not pro… | |
| CVE-2024-8010 | LOW | 3.5 | 2026-04-16 | The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploi… | |
| CVE-2026-40505 | LOW | Patched | 3.3 | 2026-04-16 | MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. At… |
| CVE-2026-40947 | LOW | Patched | 2.9 | 2026-04-16 | Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path. |
| CVE-2026-6313 | LOW | Patched | 3.1 | 2026-04-15 | Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin dat… |