Unrated-severity CVEs
44 unrated-severity CVEs (11 with public PoCs).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-12635 | Unrated | | 2026-06-25 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain co… |
| CVE-2026-55611 | Unrated | | 2026-06-24 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/wo… |
| CVE-2026-44961 | Unrated | | 2026-06-23 | The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled imp… |
| CVE-2026-44960 | Unrated | | 2026-06-23 | A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malici… |
| CVE-2026-44956 | Unrated | | 2026-06-23 | Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in… |
| CVE-2026-56379 | Unrated | | 2026-06-23 | ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing c… |
| CVE-2026-56371 | Unrated | | 2026-06-23 | ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocate… |
| CVE-2026-33637 | Unrated | | 2026-05-19 | Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-rel… |
| CVE-2026-44283 | Unrated | | 2026-05-14 | etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via… |
| CVE-2026-42873 | Unrated | | 2026-05-11 | WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdepe… |
| CVE-2026-20188 | Unrated | 7.5 | 2026-05-06 | Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Se… |
| CVE-2026-41144 | Unrated | | 2026-04-22 | F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds… |
| CVE-2025-66447 | Unrated | | 2026-04-10 | Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /l… |
| CVE-2026-33343 | Unrated | | 2026-03-26 | etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restri… |
| CVE-2026-30892 | Unrated | | 2026-03-26 | crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed… |
| CVE-2026-32752 | Unrated | | 2026-03-19 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, the ThreadPolicy::edit() method contains a br… |
| CVE-2026-31897 | Unrated | | 2026-03-13 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSi… |
| CVE-2026-31873 | Unrated | | 2026-03-12 | Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe (safe.ts) uses String.includes(), which is case-sensitive… |
| CVE-2026-31954 | Unrated | | 2026-03-11 | Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lacks a call to LoginAuth::checkToken(), e… |
| CVE-2026-30825 | Unrated | | 2026-03-07 | hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint allows any authenticated user t… |