Search
14,631 CVEs · Low severity
CVEs (14,631, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 201–225 of 14,631 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-4044 | LOW | 3.8 | 2026-03-12 | A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a ma… | |
| CVE-2026-27150 | LOW | Patched | 3.8 | 2026-02-26 | Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing `validate_before_create` authorization in Data Explorer's `Que… |
| CVE-2026-27152 | LOW | Patched | 3.8 | 2026-02-26 | Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference bypass when adding members via `Chat::AddU… |
| CVE-2025-67860 | LOW | 3.8 | 2026-02-25 | A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially ex… | |
| CVE-2025-15589 | LOW | 3.8 | 2026-02-24 | A vulnerability was determined in MuYuCMS 2.7. Affected is the function delete_dir_file of the file application/admin/controller/Template.php of the component Template Mana… | |
| CVE-2026-25423 | LOW | 3.8 | 2026-02-19 | Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Level… | |
| CVE-2026-2733 | LOW | 3.8 | 2026-02-19 | A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively… | |
| CVE-2025-36183 | LOW | Patched | 3.8 | 2026-02-17 | IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data. |
| CVE-2025-14573 | LOW | Patched | 3.8 | 2026-02-16 | Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass… |
| CVE-2025-22873 | LOW | Patched | 3.8 | 2026-02-04 | It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory… |
| CVE-2026-22411 | LOW | 3.8 | 2026-01-22 | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels.This… | |
| CVE-2026-22404 | LOW | 3.8 | 2026-01-22 | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This… | |
| CVE-2026-22406 | LOW | 3.8 | 2026-01-22 | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This… | |
| CVE-2026-22407 | LOW | 3.8 | 2026-01-22 | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue… | |
| CVE-2026-22409 | LOW | 3.8 | 2026-01-22 | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.Th… | |
| CVE-2025-47555 | LOW | 3.8 | 2026-01-22 | Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue… | |
| CVE-2026-22919 | LOW | Patched | 3.8 | 2026-01-15 | An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction … |
| CVE-2025-67685 | LOW | Patched | 3.8 | 2026-01-13 | A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all… |
| CVE-2026-0504 | LOW | 3.8 | 2026-01-13 | Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests tha… | |
| CVE-2025-69015 | LOW | 3.8 | 2025-12-30 | Missing Authorization vulnerability in Automattic Crowdsignal Forms crowdsignal-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue aff… | |
| CVE-2025-15187 | LOW | Patched | 3.8 | 2025-12-29 | A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing a manipulation… |
| CVE-2025-36228 | LOW | Patched | 3.8 | 2025-12-26 | IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disa… |
| CVE-2025-67742 | LOW | Patched | 3.8 | 2025-12-11 | In JetBrains TeamCity before 2025.11 path traversal was possible via file upload |
| CVE-2025-54560 | LOW | Patched | 3.8 | 2025-11-14 | A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Probing of internal infr… |
| CVE-2025-64170 | LOW | 3.8 | 2025-11-12 | sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins entering a password but does… |