Search
14,626 CVEs · Low severity
CVEs (14,626, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 176–200 of 14,626 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-44069 | LOW | 3.9 | 2026-05-21 | An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a … | |
| CVE-2026-47782 | LOW | 3.3 | 2026-05-20 | Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a … | |
| CVE-2025-31985 | LOW | 3.7 | 2026-05-20 | HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to pe… | |
| CVE-2026-45232 | LOW | Patched | 3.1 | 2026-05-20 | Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attac… |
| CVE-2026-8492 | LOW | Patched | 2.7 | 2026-05-19 | Modification of Assumed-Immutable Data (MAID) vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing. This issue affects Translate Drup… |
| CVE-2026-8491 | LOW | Patched | 3.7 | 2026-05-19 | Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from… |
| CVE-2026-5511 | LOW | Patched | 2.7 | 2026-05-19 | In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic co… |
| CVE-2026-33565 | LOW | 3.3 | 2026-05-19 | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |
| CVE-2026-28751 | LOW | 3.3 | 2026-05-19 | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |
| CVE-2026-27781 | LOW | 3.3 | 2026-05-19 | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |
| CVE-2026-25110 | LOW | 3.3 | 2026-05-19 | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |
| CVE-2026-27964 | LOW | Patched | 3.9 | 2026-05-18 | FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNic… |
| CVE-2026-47091 | LOW | Patched | 3.3 | 2026-05-18 | Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated tran… |
| CVE-2026-8803 | LOW | 3.7 | 2026-05-18 | A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee L… | |
| CVE-2026-6333 | LOW | Patched | 3.5 | 2026-05-18 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authent… |
| CVE-2026-4643 | LOW | Patched | 3.5 | 2026-05-18 | Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which… |
| CVE-2026-4286 | LOW | Patched | 3.1 | 2026-05-18 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to check if {{team_id}} was being changed when updating playbooks, allowing users with only {{Manage Playbook… |
| CVE-2026-6334 | LOW | Patched | 3.1 | 2026-05-18 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authen… |
| CVE-2026-4273 | LOW | Patched | 3.7 | 2026-05-18 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confi… |
| CVE-2026-3495 | LOW | Patched | 3.8 | 2026-05-18 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an a… |
| CVE-2026-8770 | LOW | Patched | 3.3 | 2026-05-18 | A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON… |
| CVE-2026-8741 | LOW | Patched | 3.1 | 2026-05-17 | A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of the component QoS 2 PUBLISH… |
| CVE-2026-45316 | LOW | Patched | 3.5 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/{id}/pin endpoint performs a write… |
| CVE-2026-4053 | LOW | Patched | 3.1 | 2026-05-15 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post… |
| CVE-2026-45803 | LOW | Patched | 3.5 | 2026-05-15 | `gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequen… |