Search
14,625 CVEs · Low severity
EOL hidden · Show all products
CVEs (14,625, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 101–125 of 14,625 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-49370 | LOW | Patched | 3.4 | 2026-05-29 | In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests |
| CVE-2026-49318 | LOW | 2.4 | 2026-05-29 | Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to byp… | |
| CVE-2026-49317 | LOW | 2.4 | 2026-05-29 | Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to byp… | |
| CVE-2026-40528 | LOW | Patched | 3.8 | 2026-05-29 | OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows… |
| CVE-2026-40510 | LOW | Patched | 3.8 | 2026-05-29 | OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physicall… |
| CVE-2026-10078 | LOW | 2.7 | 2026-05-29 | A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmit… | |
| CVE-2026-9991 | LOW | Patched | 3.1 | 2026-05-28 | Inappropriate implementation in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-o… |
| CVE-2026-9959 | LOW | Patched | 3.1 | 2026-05-28 | Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-9950 | LOW | Patched | 3.1 | 2026-05-28 | Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypa… |
| CVE-2026-9944 | LOW | Patched | 3.1 | 2026-05-28 | Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craft… |
| CVE-2026-9920 | LOW | Patched | 3.1 | 2026-05-28 | Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data vi… |
| CVE-2026-6816 | LOW | Patched | 3.8 | 2026-05-28 | An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issu… |
| CVE-2026-10011 | LOW | Patched | 3.1 | 2026-05-28 | Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data v… |
| CVE-2026-47713 | LOW | Patched | 2.0 | 2026-05-28 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, an approved mobile device token… |
| CVE-2026-45403 | LOW | Patched | 2.0 | 2026-05-28 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesyste… |
| CVE-2026-47337 | LOW | 3.3 | 2026-05-28 | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered… | |
| CVE-2026-47336 | LOW | 3.3 | 2026-05-28 | Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AF_INET/AF_INET6 socket mediation code. The bug can be triggered by an … | |
| CVE-2026-47330 | LOW | 3.3 | 2026-05-28 | Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug c… | |
| CVE-2026-47329 | LOW | 3.3 | 2026-05-28 | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by a… | |
| CVE-2026-47327 | LOW | 3.3 | 2026-05-28 | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unpr… | |
| CVE-2026-45076 | LOW | Patched | 2.7 | 2026-05-28 | Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Sy… |
| CVE-2026-48524 | LOW | Patched | 3.7 | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an un… |
| CVE-2026-48156 | LOW | Patched | 3.3 | 2026-05-28 | pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This require… |
| CVE-2026-49009 | LOW | Patched | 3.1 | 2026-05-27 | Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal. |
| CVE-2026-33552 | LOW | Patched | 3.7 | 2026-05-27 | Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control. |