Low Severity CVEs

245 documented vulnerabilities classified as low severity.

All Low CVEs

CVE-2026-33659
3.5 low

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery (SSRF) via a DNS rebinding (TOCTOU) condition. Host validation uses dns_get_record() but the actual HTTP

Apr 13, 2026
CVE-2026-6192
3.3 low

A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The ident

Apr 13, 2026
CVE-2026-36952
2.7 low

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/manage_curriculum.php.

Apr 13, 2026
CVE-2026-36950
2.7 low

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projects_per_department.php.

Apr 13, 2026
CVE-2026-6184
2.4 low

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been made

Apr 13, 2026
CVE-2026-36938
2.7 low

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/view_room.php.

Apr 13, 2026
CVE-2026-36937
2.7 low

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view_details.php.

Apr 13, 2026
CVE-2026-36945
2.7 low

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php.

Apr 13, 2026
CVE-2026-36944
2.7 low

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/view_details.php.

Apr 13, 2026
CVE-2026-36943
2.7 low

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php.

Apr 13, 2026
CVE-2026-36942
2.7 low

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_activity.php.

Apr 13, 2026
CVE-2026-36941
2.7 low

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php.

Apr 13, 2026
CVE-2026-36947
2.7 low

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php.

Oretnom23 Computer And Mobile Repair Shop Management System Apr 13, 2026
CVE-2026-36946
2.7 low

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php.

Oretnom23 Computer And Mobile Repair Shop Management System Apr 13, 2026
CVE-2026-36923
2.7 low

Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php.

Oretnom23 Cab Management System Apr 13, 2026
CVE-2026-36922
2.7 low

Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php.

Oretnom23 Cab Management System Apr 13, 2026
CVE-2026-36920
2.7 low

Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php.

Janobe Online Reviewer System Apr 13, 2026
CVE-2026-36919
2.7 low

Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php.

Janobe Online Reviewer System Apr 13, 2026
CVE-2026-36874
2.7 low

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php.

Razormist Basic Library System Apr 13, 2026
CVE-2026-36873
2.7 low

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php.

Razormist Basic Library System Apr 13, 2026
CVE-2026-36872
2.7 low

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php.

Razormist Basic Library System Apr 13, 2026
CVE-2025-15632
3.5 low

A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. U

Apr 13, 2026
CVE-2026-40109
3.1 low

Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any vali

Apr 9, 2026
CVE-2026-40077
3.5 low

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know t

Apr 9, 2026