Search
273 CVEs · Low severity
CVEs (273)
Showing 201–225 of 273
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-46483 | LOW | Patched | 3.6 | 2026-05-15 | Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressin… |
| CVE-2026-41963 | LOW | 2.8 | 2026-05-15 | Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability. | |
| CVE-2026-41962 | LOW | 3.6 | 2026-05-15 | Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |
| CVE-2026-45781 | LOW | Patched | 3.5 | 2026-05-14 | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when u… |
| CVE-2026-8579 | LOW | Patched | 3.1 | 2026-05-14 | Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an… |
| CVE-2026-8578 | LOW | Patched | 3.1 | 2026-05-14 | Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via… |
| CVE-2026-8572 | LOW | Patched | 3.1 | 2026-05-14 | Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cr… |
| CVE-2026-8568 | LOW | Patched | 3.1 | 2026-05-14 | Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation v… |
| CVE-2026-8556 | LOW | Patched | 3.1 | 2026-05-14 | Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-o… |
| CVE-2026-8554 | LOW | Patched | 3.1 | 2026-05-14 | Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds m… |
| CVE-2026-8553 | LOW | Patched | 3.1 | 2026-05-14 | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write v… |
| CVE-2026-8545 | LOW | Patched | 3.1 | 2026-05-14 | Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a… |
| CVE-2026-8536 | LOW | Patched | 3.1 | 2026-05-14 | Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process… |
| CVE-2026-44638 | LOW | Patched | 2.5 | 2026-05-14 | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_… |
| CVE-2026-44589 | LOW | Patched | 3.7 | 2026-05-14 | Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl() denylist introduced in nuxt-og-image@6.2.5 to remediate GHSA-pqhr-mp3f-hrpp (Dmitry Prokhor… |
| CVE-2026-27680 | LOW | 3.1 | 2026-05-14 | Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a … | |
| CVE-2026-6923 | LOW | 3.8 | 2026-05-14 | A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key. | |
| CVE-2026-44348 | LOW | Patched | 2.5 | 2026-05-14 | PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_R… |
| CVE-2025-62317 | LOW | 2.6 | 2026-05-14 | HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history,… | |
| CVE-2025-62316 | LOW | 2.3 | 2026-05-14 | HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiven… | |
| CVE-2025-62312 | LOW | 3.0 | 2026-05-14 | HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potent… | |
| CVE-2025-62309 | LOW | 2.6 | 2026-05-14 | HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the brow… | |
| CVE-2026-6638 | LOW | Patched | 3.7 | 2026-05-14 | SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription'… |
| CVE-2026-7471 | LOW | Patched | 3.5 | 2026-05-14 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authen… |
| CVE-2026-6883 | LOW | Patched | 2.6 | 2026-05-14 | GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authen… |