Search
14,631 CVEs · Low severity
CVEs (14,631, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 126–150 of 14,631 (capped at 500)
| CVE ID | Severity ↑ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-45076 | LOW | Patched | 2.7 | 2026-05-28 | Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Sy… |
| CVE-2026-48156 | LOW | Patched | 3.3 | 2026-05-28 | pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This require… |
| CVE-2026-48524 | LOW | Patched | 3.7 | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an un… |
| CVE-2026-49009 | LOW | Patched | 3.1 | 2026-05-27 | Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal. |
| CVE-2026-33552 | LOW | Patched | 3.7 | 2026-05-27 | Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control. |
| CVE-2026-44474 | LOW | Patched | 3.7 | 2026-05-27 | Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33… |
| CVE-2026-42082 | LOW | Patched | 3.7 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP… |
| CVE-2026-42791 | LOW | Patched | 3.7 | 2026-05-27 | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be … |
| CVE-2024-47272 | LOW | Patched | 2.7 | 2026-05-27 | Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with a… |
| CVE-2024-47267 | LOW | Patched | 2.7 | 2026-05-27 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-1… |
| CVE-2024-47270 | LOW | Patched | 2.7 | 2026-05-27 | Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenti… |
| CVE-2026-9608 | LOW | 2.4 | 2026-05-27 | A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator Backend. Exec… | |
| CVE-2025-68711 | LOW | 2.4 | 2026-05-26 | AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lo… | |
| CVE-2025-68708 | LOW | 2.4 | 2026-05-26 | SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rath… | |
| CVE-2025-68710 | LOW | 2.4 | 2026-05-26 | Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is… | |
| CVE-2026-9572 | LOW | Patched | 3.3 | 2026-05-26 | A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4… |
| CVE-2026-9567 | LOW | 3.3 | 2026-05-26 | A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipula… | |
| CVE-2026-42448 | LOW | Patched | 3.5 | 2026-05-26 | Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who s… |
| CVE-2026-9564 | LOW | 2.4 | 2026-05-26 | A vulnerability was found in SourceCodester/oretnom23 Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /admin/?page=… | |
| CVE-2026-47715 | LOW | Patched | 3.1 | 2026-05-26 | Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up tha… |
| CVE-2026-47716 | LOW | Patched | 3.1 | 2026-05-26 | Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the re… |
| CVE-2026-44410 | LOW | 3.8 | 2026-05-26 | This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's ex… | |
| CVE-2026-9529 | LOW | 3.3 | 2026-05-26 | A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utili… | |
| CVE-2026-9530 | LOW | 3.3 | 2026-05-26 | A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbm… | |
| CVE-2026-9504 | LOW | 3.3 | 2026-05-25 | A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This man… |