14,626 CVEs · Low severity
CVEs (14,626, showing first 500)
Showing 76–100 of 14,626 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-36555 | LOW | Patched | 3.9 | 2023-10-10 | An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or comman… |
| CVE-2023-4753 | LOW | Patched | 3.9 | 2023-09-21 | OpenHarmony v3.2.1 and prior version has a system call function usage error. Local attackers can crash kernel by the error input. |
| CVE-2023-5084 | LOW | Patched | 3.9 | 2023-09-20 | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8. |
| CVE-2023-40732 | LOW | Patched | 3.9 | 2023-09-12 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on lo… |
| CVE-2023-41329 | LOW | Patched | 3.9 | 2023-09-06 | WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying t… |
| CVE-2023-0654 | LOW | Patched | 3.9 | 2023-08-29 | Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application a… |
| CVE-2023-0238 | LOW | Patched | 3.9 | 2023-08-29 | Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's de… |
| CVE-2023-3800 | LOW | | 3.9 | 2023-07-20 | A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html#/admin/mall.good… |
| CVE-2023-3363 | LOW | Patched | 3.9 | 2023-07-13 | An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to … |
| CVE-2023-20867 | LOW | Patched | 3.9 | 2023-06-13 | A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. |
| CVE-2023-28829 | LOW | Patched | 3.9 | 2023-06-13 | A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PC… |
| CVE-2023-30571 | LOW | Patched | 3.9 | 2023-05-29 | Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process… |
| CVE-2023-23910 | LOW | Patched | 3.9 | 2023-05-10 | Out-of-bounds write for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escala… |
| CVE-2021-46762 | LOW | | 3.9 | 2023-05-09 | Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service. |
| CVE-2023-30624 | LOW | Patched | 3.9 | 2023-04-27 | Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and me… |
| CVE-2023-30544 | LOW | Patched | 3.9 | 2023-04-24 | Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page.… |
| CVE-2022-1230 | LOW | Patched | 3.9 | 2023-03-28 | This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain … |
| CVE-2023-22591 | LOW | Patched | 3.9 | 2023-03-15 | IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being inv… |
| CVE-2023-23939 | LOW | Patched | 3.9 | 2023-03-06 | Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows ot… |
| CVE-2023-0808 | LOW | | 3.9 | 2023-02-13 | A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processin… |
| CVE-2022-34376 | LOW | Patched | 3.9 | 2023-02-10 | Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnera… |
| CVE-2022-3083 | LOW | | 3.9 | 2023-02-01 | All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on… |
| CVE-2022-22732 | LOW | Patched | 3.9 | 2023-01-30 | A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attac… |
| CVE-2022-46827 | LOW | Patched | 3.9 | 2022-12-08 | In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. |
| CVE-2022-39910 | LOW | Patched | 3.9 | 2022-12-08 | Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked de… |