810 CVEs · Low severity
CVEs (810, showing first 500)
Showing 1–25 of 810 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-30904 | LOW | Patched | 1.8 | 2026-05-13 | Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access. |
| CVE-2025-52649 | LOW | Patched | 1.8 | 2026-03-16 | HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-gener… |
| CVE-2025-52636 | LOW | Patched | 1.8 | 2026-03-16 | HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumpti… |
| CVE-2026-34850 | LOW | | 1.9 | 2026-04-13 | Race condition vulnerability in the notification service. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-52645 | LOW | Patched | 1.9 | 2026-03-16 | HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibili… |
| CVE-2026-47713 | LOW | Patched | 2.0 | 2026-05-28 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, an approved mobile device token… |
| CVE-2026-45403 | LOW | Patched | 2.0 | 2026-05-28 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesyste… |
| CVE-2026-27675 | LOW | | 2.0 | 2026-04-14 | SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and opera… |
| CVE-2026-27949 | LOW | Patched | 2.0 | 2026-04-07 | Plane is an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is included a… |
| CVE-2026-33674 | LOW | Patched | 2.0 | 2026-03-26 | PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. … |
| CVE-2026-33550 | LOW | Patched | 2.0 | 2026-03-22 | SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended). |
| CVE-2026-4359 | LOW | Patched | 2.0 | 2026-03-17 | A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver. |
| CVE-2026-50266 | LOW | Patched | 2.2 | 2026-06-04 | In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set device_owner to a value that has "net… |
| CVE-2026-45182 | LOW | Patched | 2.2 | 2026-05-09 | GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because a… |
| CVE-2026-41321 | LOW | Patched | 2.2 | 2026-04-24 | @astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch() call for remote images in packages/integrations/cloudflare/src/… |
| CVE-2026-34851 | LOW | | 2.2 | 2026-04-13 | Race condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2026-5381 | LOW | Patched | 2.2 | 2026-04-07 | An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has… |
| CVE-2026-3109 | LOW | Patched | 2.2 | 2026-03-26 | Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed … |
| CVE-2026-30888 | LOW | Patched | 2.2 | 2026-03-20 | Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents (ToS, guideline… |
| CVE-2026-33408 | LOW | Patched | 2.2 | 2026-03-19 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators were able to see the first 40 characters of post ed… |
| CVE-2025-52646 | LOW | Patched | 2.2 | 2026-03-16 | HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions o… |
| CVE-2025-12697 | LOW | Patched | 2.2 | 2026-03-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authent… |
| CVE-2025-62316 | LOW | | 2.3 | 2026-05-14 | HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiven… |
| CVE-2026-44278 | LOW | Patched | 2.3 | 2026-05-12 | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to informatio… |
| CVE-2026-35250 | LOW | | 2.3 | 2026-04-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerab… |