Low-severity CVEs
9517 low-severity CVEs (2374 with public PoCs).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-56377 | Low | 3.3 | 2026-06-30 | ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attack… |
| CVE-2026-56369 | Low | 3.7 | 2026-06-30 | ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can explo… |
| CVE-2026-56365 | Low | 3.7 | 2026-06-30 | ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure conditio… |
| CVE-2026-56364 | Low | 1.9 | 2026-06-30 | ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files… |
| CVE-2026-56363 | Low | 3.3 | 2026-06-30 | ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attack… |
| CVE-2026-56361 | Low | 3.3 | 2026-06-30 | ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer o… |
| CVE-2026-54696 | Low | 3.7 | 2026-06-30 | Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an o… |
| CVE-2026-9836 | Low | 3.5 | 2026-06-30 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. |
| CVE-2026-58371 | Low | 3.1 | 2026-06-30 | SeaweedFS before 4.30 reflects the callback query parameter verbatim into responses served with Content-Type application/javascript in the shared writeJson hel… |
| CVE-2026-10654 | Low | 3.1 | 2026-06-30 | A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simultaneous bidirectional session dis… |
| CVE-2026-13758 | Low | 3.7 | 2026-06-29 | CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt_done path. The decrypt_done($tag) for… |
| CVE-2026-57946 | Low | 3.7 | 2026-06-29 | Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private playlist content… |
| CVE-2026-13746 | Low | 3.6 | 2026-06-29 | Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by su… |
| CVE-2026-13587 | Low | 3.7 | 2026-06-29 | A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parse_by_block_type of the file light_pcapng.c of the component Li… |
| CVE-2026-13574 | Low | 3.3 | 2026-06-29 | A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst… |
| CVE-2026-13573 | Low | 3.3 | 2026-06-29 | A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of t… |
| CVE-2026-13570 | Low | 3.5 | 2026-06-29 | A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php of the compo… |
| CVE-2026-13558 | Low | 3.5 | 2026-06-29 | A security flaw has been discovered in CodeAstro Complaint Management System 1.0. This issue affects some unknown processing of the file /report/addreport of t… |
| CVE-2025-0824 | Low | 3.7 | 2026-06-29 | Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platfo… |
| CVE-2026-13523 | Low | 3.3 | 2026-06-29 | A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/base_encoding.c of the component ISOBMFF Parser. Execu… |