Search
14,631 CVEs · Low severity
CVEs (14,631, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 176–200 of 14,631 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2017-5685 | LOW | 3.9 | 2017-04-03 | The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain acce… | |
| CVE-2017-5686 | LOW | Patched | 3.9 | 2017-04-03 | The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain acce… |
| CVE-2025-12656 | LOW | 3.8 | 2026-06-06 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in t… | |
| CVE-2026-45683 | LOW | Patched | 3.8 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled… |
| CVE-2026-10299 | LOW | 3.8 | 2026-06-01 | A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This ma… | |
| CVE-2026-40510 | LOW | Patched | 3.8 | 2026-05-29 | OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physicall… |
| CVE-2026-40528 | LOW | Patched | 3.8 | 2026-05-29 | OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows… |
| CVE-2026-6816 | LOW | Patched | 3.8 | 2026-05-28 | An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issu… |
| CVE-2026-44410 | LOW | 3.8 | 2026-05-26 | This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's ex… | |
| CVE-2026-3495 | LOW | Patched | 3.8 | 2026-05-18 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an a… |
| CVE-2026-6923 | LOW | 3.8 | 2026-05-14 | A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key. | |
| CVE-2026-33585 | LOW | Patched | 3.8 | 2026-05-13 | Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an… |
| CVE-2026-44459 | LOW | Patched | 3.8 | 2026-05-13 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat … |
| CVE-2026-34094 | LOW | Patched | 3.8 | 2026-05-11 | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * be… |
| CVE-2026-44987 | LOW | Patched | 3.8 | 2026-05-08 | SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Su… |
| CVE-2026-31051 | LOW | 3.8 | 2026-04-24 | An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component | |
| CVE-2026-22014 | LOW | 3.8 | 2026-04-21 | Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Workflow and Business Events). Supported versions that are affected are 12.2.7-1… | |
| CVE-2026-3470 | LOW | Patched | 3.8 | 2026-03-31 | A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attack… |
| CVE-2025-66215 | LOW | Patched | 3.8 | 2026-03-30 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a… |
| CVE-2025-49010 | LOW | Patched | 3.8 | 2026-03-30 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a… |
| CVE-2026-2290 | LOW | 3.8 | 2026-03-21 | The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.28.0. This makes it possible for authentica… | |
| CVE-2026-26230 | LOW | Patched | 3.8 | 2026-03-16 | Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote m… |
| CVE-2026-4222 | LOW | 3.8 | 2026-03-16 | A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/downl… | |
| CVE-2026-32715 | LOW | Patched | 3.8 | 2026-03-16 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-pr… |
| CVE-2026-0849 | LOW | 3.8 | 2026-03-16 | Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to c… |