Search
14,631 CVEs · Low severity
CVEs (14,631, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 101–125 of 14,631 (capped at 500)
| CVE ID | Severity ↑ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-45613 | LOW | 3.3 | 2026-05-29 | Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by c… | |
| CVE-2026-45324 | LOW | 3.3 | 2026-05-29 | Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer o… | |
| CVE-2026-49381 | LOW | Patched | 3.4 | 2026-05-29 | In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible |
| CVE-2026-49383 | LOW | Patched | 3.3 | 2026-05-29 | In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible |
| CVE-2026-49380 | LOW | Patched | 3.1 | 2026-05-29 | In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible |
| CVE-2026-49370 | LOW | Patched | 3.4 | 2026-05-29 | In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests |
| CVE-2026-49317 | LOW | 2.4 | 2026-05-29 | Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to byp… | |
| CVE-2026-49318 | LOW | 2.4 | 2026-05-29 | Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to byp… | |
| CVE-2026-40510 | LOW | Patched | 3.8 | 2026-05-29 | OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physicall… |
| CVE-2026-40528 | LOW | Patched | 3.8 | 2026-05-29 | OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows… |
| CVE-2026-10078 | LOW | 2.7 | 2026-05-29 | A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmit… | |
| CVE-2026-9991 | LOW | Patched | 3.1 | 2026-05-28 | Inappropriate implementation in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-o… |
| CVE-2026-9959 | LOW | Patched | 3.1 | 2026-05-28 | Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-9950 | LOW | Patched | 3.1 | 2026-05-28 | Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypa… |
| CVE-2026-9944 | LOW | Patched | 3.1 | 2026-05-28 | Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craft… |
| CVE-2026-9920 | LOW | Patched | 3.1 | 2026-05-28 | Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data vi… |
| CVE-2026-6816 | LOW | Patched | 3.8 | 2026-05-28 | An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issu… |
| CVE-2026-10011 | LOW | Patched | 3.1 | 2026-05-28 | Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data v… |
| CVE-2026-47713 | LOW | Patched | 2.0 | 2026-05-28 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, an approved mobile device token… |
| CVE-2026-45403 | LOW | Patched | 2.0 | 2026-05-28 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesyste… |
| CVE-2026-47336 | LOW | 3.3 | 2026-05-28 | Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AF_INET/AF_INET6 socket mediation code. The bug can be triggered by an … | |
| CVE-2026-47337 | LOW | 3.3 | 2026-05-28 | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered… | |
| CVE-2026-47329 | LOW | 3.3 | 2026-05-28 | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by a… | |
| CVE-2026-47330 | LOW | 3.3 | 2026-05-28 | Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug c… | |
| CVE-2026-47327 | LOW | 3.3 | 2026-05-28 | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unpr… |