Latest CVE Feed
-
3.8
LOWCVE-2023-2434
The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permi... Read more
Affected Products : nested_pages- Published: May. 31, 2023
- Modified: Nov. 21, 2024
-
3.8
LOWCVE-2024-1742
Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.... Read more
- Published: Mar. 22, 2024
- Modified: Dec. 04, 2024
-
3.8
LOWCVE-2024-45599
Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly b... Read more
Affected Products : cursor- Published: Sep. 25, 2024
- Modified: Sep. 26, 2024
-
3.8
LOWCVE-2024-38660
Protection mechanism failure in the SPP for some Intel(R) Xeon(R) processor family (E-Core) may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more
Affected Products :- Published: Nov. 13, 2024
- Modified: Nov. 15, 2024
-
3.8
LOWCVE-2025-32971
XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr scr... Read more
Affected Products : xwiki- Published: Apr. 30, 2025
- Modified: May. 13, 2025
- Vuln Type: Misconfiguration
-
3.8
LOWCVE-2025-25228
A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend.... Read more
Affected Products : virtuemart- Published: Apr. 21, 2025
- Modified: May. 28, 2025
- Vuln Type: Injection
-
3.8
LOWCVE-2024-35039
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.... Read more
- Published: May. 16, 2024
- Modified: Apr. 15, 2025
-
3.8
LOWCVE-2024-56321
GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's... Read more
Affected Products : gocd- Published: Jan. 03, 2025
- Modified: Aug. 01, 2025
-
3.8
LOWCVE-2025-32026
Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get ... Read more
Affected Products :- Published: Apr. 08, 2025
- Modified: Apr. 08, 2025
-
3.8
LOWCVE-2018-15532
SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses.... Read more
Affected Products : synaptics_touchpad_driver- Published: Mar. 21, 2019
- Modified: Nov. 21, 2024
-
3.8
LOWCVE-2024-53502
Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page.... Read more
Affected Products : semcms- Published: Dec. 03, 2024
- Modified: Apr. 04, 2025
-
3.8
LOWCVE-2023-27307
Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.... Read more
Affected Products : thunderbolt_dch_driver- Published: Feb. 14, 2024
- Modified: Nov. 21, 2024
-
3.8
LOWCVE-2024-30142
HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.... Read more
Affected Products : bigfix_compliance- Published: Nov. 07, 2024
- Modified: Jun. 17, 2025
-
3.8
LOWCVE-2024-5445
Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers... Read more
Affected Products :- Published: Aug. 12, 2024
- Modified: Jan. 07, 2025
-
3.8
LOWCVE-2024-5030
The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack... Read more
Affected Products : cm_table_of_contents- Published: Nov. 18, 2024
- Modified: May. 15, 2025
-
3.8
LOWCVE-2023-29062
The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS... Read more
- Published: Nov. 28, 2023
- Modified: Nov. 21, 2024
-
3.8
LOWCVE-2020-26625
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.... Read more
Affected Products : gila_cms- Published: Jan. 02, 2024
- Modified: May. 16, 2025
-
3.8
LOWCVE-2024-32314
Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.... Read more
- Published: Apr. 17, 2024
- Modified: Mar. 17, 2025
-
3.8
LOWCVE-2021-3593
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issu... Read more
- Published: Jun. 15, 2021
- Modified: Nov. 21, 2024
-
3.8
LOWCVE-2024-46897
Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table.... Read more
Affected Products : exment- Published: Oct. 18, 2024
- Modified: Oct. 22, 2024