Search
14,630 CVEs · Low severity
EOL hidden · Show all products
CVEs (14,630, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 201–225 of 14,630 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-8770 | LOW | Patched | 3.3 | 2026-05-18 | A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON… |
| CVE-2026-8741 | LOW | Patched | 3.1 | 2026-05-17 | A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of the component QoS 2 PUBLISH… |
| CVE-2026-45316 | LOW | Patched | 3.5 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/{id}/pin endpoint performs a write… |
| CVE-2026-4053 | LOW | Patched | 3.1 | 2026-05-15 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post… |
| CVE-2026-45803 | LOW | Patched | 3.5 | 2026-05-15 | `gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequen… |
| CVE-2026-46483 | LOW | Patched | 3.6 | 2026-05-15 | Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressin… |
| CVE-2026-41963 | LOW | 2.8 | 2026-05-15 | Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability. | |
| CVE-2026-41962 | LOW | 3.6 | 2026-05-15 | Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |
| CVE-2026-45781 | LOW | Patched | 3.5 | 2026-05-14 | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when u… |
| CVE-2026-8579 | LOW | Patched | 3.1 | 2026-05-14 | Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an… |
| CVE-2026-8578 | LOW | Patched | 3.1 | 2026-05-14 | Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via… |
| CVE-2026-8572 | LOW | Patched | 3.1 | 2026-05-14 | Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cr… |
| CVE-2026-8568 | LOW | Patched | 3.1 | 2026-05-14 | Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation v… |
| CVE-2026-8556 | LOW | Patched | 3.1 | 2026-05-14 | Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-o… |
| CVE-2026-8554 | LOW | Patched | 3.1 | 2026-05-14 | Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds m… |
| CVE-2026-8553 | LOW | Patched | 3.1 | 2026-05-14 | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write v… |
| CVE-2026-8545 | LOW | Patched | 3.1 | 2026-05-14 | Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a… |
| CVE-2026-8536 | LOW | Patched | 3.1 | 2026-05-14 | Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process… |
| CVE-2026-44638 | LOW | Patched | 2.5 | 2026-05-14 | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_… |
| CVE-2026-44589 | LOW | Patched | 3.7 | 2026-05-14 | Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl() denylist introduced in nuxt-og-image@6.2.5 to remediate GHSA-pqhr-mp3f-hrpp (Dmitry Prokhor… |
| CVE-2026-27680 | LOW | 3.1 | 2026-05-14 | Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a … | |
| CVE-2026-6923 | LOW | 3.8 | 2026-05-14 | A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key. | |
| CVE-2026-44348 | LOW | Patched | 2.5 | 2026-05-14 | PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_R… |
| CVE-2025-62317 | LOW | 2.6 | 2026-05-14 | HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history,… | |
| CVE-2025-62316 | LOW | 2.3 | 2026-05-14 | HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiven… |