810 CVEs · Low severity
CVEs (810, showing first 500)
Showing 1–25 of 810 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-7340 | LOW | Patched | 3.5 | 2026-03-27 | Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attac… |
| CVE-2024-42206 | LOW | | 3.1 | 2026-06-02 | HCL iReflection Third party vulnerable and outdated components issue was detected in the web application |
| CVE-2024-47267 | LOW | Patched | 2.7 | 2026-05-27 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-1… |
| CVE-2024-47270 | LOW | Patched | 2.7 | 2026-05-27 | Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenti… |
| CVE-2024-47272 | LOW | Patched | 2.7 | 2026-05-27 | Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with a… |
| CVE-2024-7083 | LOW | Patched | 3.5 | 2026-04-20 | The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored C… |
| CVE-2024-8010 | LOW | | 3.5 | 2026-04-16 | The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploi… |
| CVE-2025-12656 | LOW | | 3.8 | 2026-06-06 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in t… |
| CVE-2025-12697 | LOW | Patched | 2.2 | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authent… |
| CVE-2025-12704 | LOW | Patched | 3.5 | 2026-03-11 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authentica… |
| CVE-2025-13459 | LOW | Patched | 2.7 | 2026-03-16 | IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow. |
| CVE-2025-13718 | LOW | Patched | 3.7 | 2026-03-13 | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a … |
| CVE-2025-14808 | LOW | Patched | 3.1 | 2026-03-25 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a… |
| CVE-2025-14811 | LOW | Patched | 3.1 | 2026-03-13 | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of… |
| CVE-2025-15632 | LOW | | 3.5 | 2026-04-13 | A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation lea… |
| CVE-2025-26474 | LOW | | 3.3 | 2026-03-16 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input. This vulnerability can be exploited only in restricted scenarios. |
| CVE-2025-31957 | LOW | | 2.6 | 2026-05-06 | HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data. |
| CVE-2025-31958 | LOW | | 3.7 | 2026-04-21 | HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers … |
| CVE-2025-31959 | LOW | | 3.5 | 2026-05-06 | HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive locatio… |
| CVE-2025-31966 | LOW | Patched | 2.7 | 2026-03-17 | HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not enforced by the web server. An attacker … |
| CVE-2025-31974 | LOW | | 3.9 | 2026-05-06 | HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modificati… |
| CVE-2025-31975 | LOW | | 2.6 | 2026-05-06 | HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and sy… |
| CVE-2025-31982 | LOW | | 3.7 | 2026-05-06 | HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of informatio… |
| CVE-2025-31983 | LOW | | 3.7 | 2026-05-06 | HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts incre… |
| CVE-2025-31984 | LOW | | 3.7 | 2026-05-06 | HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to pe… |