Unrated-severity CVEs

44 unrated-severity CVEs (11 with public PoCs). Browse the most dangerous vulnerabilities.

Top Unrated-severity CVEs
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-12635 | Unrated | | 2026-06-25 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain co… |
| CVE-2026-55611 | Unrated | | 2026-06-24 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/wo… |
| CVE-2026-44961 | Unrated | | 2026-06-23 | The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled imp… |
| CVE-2026-44960 | Unrated | | 2026-06-23 | A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malici… |
| CVE-2026-44956 | Unrated | | 2026-06-23 | Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in… |
| CVE-2026-56379 | Unrated | | 2026-06-23 | ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing c… |
| CVE-2026-56371 | Unrated | | 2026-06-23 | ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocate… |
| CVE-2026-33637 | Unrated | | 2026-05-19 | Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-rel… |
| CVE-2026-44283 | Unrated | | 2026-05-14 | etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via… |
| CVE-2026-42873 | Unrated | | 2026-05-11 | WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdepe… |
| CVE-2026-20188 | Unrated | 7.5 | 2026-05-06 | Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Se… |
| CVE-2026-41144 | Unrated | | 2026-04-22 | F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds… |
| CVE-2025-66447 | Unrated | | 2026-04-10 | Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /l… |
| CVE-2026-33343 | Unrated | | 2026-03-26 | etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restri… |
| CVE-2026-30892 | Unrated | | 2026-03-26 | crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed… |
| CVE-2026-32752 | Unrated | | 2026-03-19 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, the ThreadPolicy::edit() method contains a br… |
| CVE-2026-31897 | Unrated | | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSi… |
| CVE-2026-31873 | Unrated | | 2026-03-12 | Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe (safe.ts) uses String.includes(), which is case-sensitive… |
| CVE-2026-31954 | Unrated | | 2026-03-11 | Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lacks a call to LoginAuth::checkToken(), e… |
| CVE-2026-30825 | Unrated | | 2026-03-07 | hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint allows any authenticated user t… |