273 CVEs · Low severity
CVEs (273)
Showing 1–25 of 273
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-30963 | LOW | Patched | 3.9 | 2026-06-01 | Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule … |
| CVE-2026-44069 | LOW | | 3.9 | 2026-05-21 | An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a … |
| CVE-2026-27964 | LOW | Patched | 3.9 | 2026-05-18 | FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNic… |
| CVE-2025-12656 | LOW | | 3.8 | 2026-06-06 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in t… |
| CVE-2026-45683 | LOW | Patched | 3.8 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled… |
| CVE-2026-10299 | LOW | | 3.8 | 2026-06-01 | A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This ma… |
| CVE-2026-40510 | LOW | Patched | 3.8 | 2026-05-29 | OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physicall… |
| CVE-2026-40528 | LOW | Patched | 3.8 | 2026-05-29 | OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows… |
| CVE-2026-6816 | LOW | Patched | 3.8 | 2026-05-28 | An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issu… |
| CVE-2026-44410 | LOW | | 3.8 | 2026-05-26 | This vulnerability stems from a business logic flaw. Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's ex… |
| CVE-2026-3495 | LOW | Patched | 3.8 | 2026-05-18 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an a… |
| CVE-2026-6923 | LOW | | 3.8 | 2026-05-14 | A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key. |
| CVE-2026-33585 | LOW | Patched | 3.8 | 2026-05-13 | Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an… |
| CVE-2026-44459 | LOW | Patched | 3.8 | 2026-05-13 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat … |
| CVE-2026-34094 | LOW | Patched | 3.8 | 2026-05-11 | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * be… |
| CVE-2026-11555 | LOW | | 3.7 | 2026-06-08 | A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such m… |
| CVE-2025-52609 | LOW | | 3.7 | 2026-06-04 | HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of m… |
| CVE-2026-44546 | LOW | Patched | 3.7 | 2026-06-03 | daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, … |
| CVE-2026-24761 | LOW | Patched | 3.7 | 2026-06-01 | Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authent… |
| CVE-2026-10300 | LOW | | 3.7 | 2026-06-01 | A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora_manager.py of the component Infer… |
| CVE-2026-5419 | LOW | | 3.7 | 2026-06-01 | A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentia… |
| CVE-2026-10216 | LOW | | 3.7 | 2026-06-01 | A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component clai… |
| CVE-2026-10169 | LOW | | 3.7 | 2026-05-31 | A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is … |
| CVE-2026-48524 | LOW | Patched | 3.7 | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an un… |
| CVE-2026-33552 | LOW | Patched | 3.7 | 2026-05-27 | Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control. |