Search
273 CVEs · Low severity
CVEs (273)
Showing 1–25 of 273
| CVE ID ↑ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-42206 | LOW | 3.1 | 2026-06-02 | HCL iReflection Third party vulnerable and outdated components issue was detected in the web application | |
| CVE-2024-47267 | LOW | Patched | 2.7 | 2026-05-27 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-1… |
| CVE-2024-47270 | LOW | Patched | 2.7 | 2026-05-27 | Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenti… |
| CVE-2024-47272 | LOW | Patched | 2.7 | 2026-05-27 | Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with a… |
| CVE-2025-12656 | LOW | 3.8 | 2026-06-06 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in t… | |
| CVE-2025-31985 | LOW | 3.7 | 2026-05-20 | HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to pe… | |
| CVE-2025-48616 | LOW | 3.3 | 2026-06-01 | In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead t… | |
| CVE-2025-52608 | LOW | 3.1 | 2026-06-04 | HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure … | |
| CVE-2025-52609 | LOW | 3.7 | 2026-06-04 | HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of m… | |
| CVE-2025-52611 | LOW | 3.1 | 2026-06-04 | HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the applicat… | |
| CVE-2025-62309 | LOW | 2.6 | 2026-05-14 | HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the brow… | |
| CVE-2025-62312 | LOW | 3.0 | 2026-05-14 | HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potent… | |
| CVE-2025-62316 | LOW | 2.3 | 2026-05-14 | HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiven… | |
| CVE-2025-62317 | LOW | 2.6 | 2026-05-14 | HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history,… | |
| CVE-2025-62338 | LOW | 3.3 | 2026-06-04 | HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure. | |
| CVE-2025-68708 | LOW | 2.4 | 2026-05-26 | SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rath… | |
| CVE-2025-68710 | LOW | 2.4 | 2026-05-26 | Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is… | |
| CVE-2025-68711 | LOW | 2.4 | 2026-05-26 | AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lo… | |
| CVE-2026-0016 | LOW | 3.3 | 2026-06-01 | In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lea… | |
| CVE-2026-0050 | LOW | 3.3 | 2026-06-01 | In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information dis… | |
| CVE-2026-0056 | LOW | 3.3 | 2026-06-01 | In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional e… | |
| CVE-2026-10011 | LOW | Patched | 3.1 | 2026-05-28 | Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data v… |
| CVE-2026-10078 | LOW | 2.7 | 2026-05-29 | A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmit… | |
| CVE-2026-10112 | LOW | 2.4 | 2026-05-30 | A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument… | |
| CVE-2026-10169 | LOW | 3.7 | 2026-05-31 | A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is … |