14,625 CVEs · Low severity
Showing 151–175 of 14,625 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-9485 | LOW | | 3.5 | 2026-05-25 | A vulnerability was identified in SourceCodester Student Grades Management System 1.0. Affected by this issue is some unknown functionality of the file students.php. The ma… |
| CVE-2026-48847 | LOW | Patched | 3.7 | 2026-05-25 | Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass. |
| CVE-2026-9471 | LOW | | 3.5 | 2026-05-25 | A vulnerability was detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file /student.php… |
| CVE-2026-9414 | LOW | | 3.5 | 2026-05-25 | A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add_order.ph… |
| CVE-2026-48832 | LOW | Patched | 3.5 | 2026-05-24 | action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability. |
| CVE-2026-9398 | LOW | | 3.1 | 2026-05-24 | A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads… |
| CVE-2026-9396 | LOW | | 3.7 | 2026-05-24 | A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware V… |
| CVE-2026-9395 | LOW | | 3.5 | 2026-05-24 | A vulnerability was identified in Besen BS20 EV Charging Station up to 20260426. Affected is an unknown function of the component BLE/UDP. The manipulation leads to insuffi… |
| CVE-2026-9394 | LOW | | 3.1 | 2026-05-24 | A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a… |
| CVE-2026-9377 | LOW | | 2.4 | 2026-05-24 | A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation o… |
| CVE-2026-9373 | LOW | | 3.7 | 2026-05-24 | A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulatio… |
| CVE-2026-9370 | LOW | | 3.7 | 2026-05-24 | A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file j… |
| CVE-2026-9357 | LOW | | 3.5 | 2026-05-24 | A vulnerability was found in vBulletin 6.x. This impacts an unknown function of the component Login. Performing a manipulation results in cross site scripting. It is possib… |
| CVE-2026-9306 | LOW | | 3.7 | 2026-05-23 | A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router… |
| CVE-2026-39824 | LOW | | 3.3 | 2026-05-22 | NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), i… |
| CVE-2026-39967 | LOW | Patched | 3.1 | 2026-05-22 | TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's findResult query does not filter results by typebotId, allowing an authenticated user … |
| CVE-2026-7837 | LOW | | 3.7 | 2026-05-21 | A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote a… |
| CVE-2026-44075 | LOW | | 3.7 | 2026-05-21 | A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulti… |
| CVE-2026-44074 | LOW | | 3.7 | 2026-05-21 | Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which … |
| CVE-2026-44071 | LOW | | 3.7 | 2026-05-21 | Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cau… |
| CVE-2026-44057 | LOW | | 3.1 | 2026-05-21 | A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, whic… |
| CVE-2026-7836 | LOW | | 3.1 | 2026-05-21 | An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause … |
| CVE-2026-7835 | LOW | | 3.1 | 2026-05-21 | A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers … |
| CVE-2026-44072 | LOW | | 3.0 | 2026-05-21 | Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended… |
| CVE-2026-44070 | LOW | | 3.1 | 2026-05-21 | An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service vi… |