Latest CVE Feed
-
3.8
LOWCVE-2025-8013
The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. This makes it possible for authenticated attackers, with Administrator-lev... Read more
Affected Products : quttera_web_malware_scanner- Published: Aug. 15, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Server-Side Request Forgery
-
3.8
LOWCVE-2025-25878
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /del.php. The attack can use SQL injection to obtain sensitive data.... Read more
Affected Products : simple_chatbox- Published: Feb. 21, 2025
- Modified: Apr. 07, 2025
- Vuln Type: Injection
-
3.8
LOWCVE-2023-38420
Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access.... Read more
- Published: May. 16, 2024
- Modified: Sep. 02, 2025
-
3.8
LOWCVE-2020-12829
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this f... Read more
- Published: Aug. 31, 2020
- Modified: Nov. 21, 2024
-
3.8
LOWCVE-2025-47938
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend user management interface allows password changes without ... Read more
Affected Products : typo3- Published: May. 20, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authentication
-
3.8
LOWCVE-2023-21988
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows low privileged attacker with logon to the ... Read more
Affected Products : vm_virtualbox- Published: Apr. 18, 2023
- Modified: Nov. 21, 2024
-
3.8
LOWCVE-2025-8298
Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of Realtek RTL8811AU dr... Read more
- Published: Sep. 02, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Information Disclosure
-
3.8
LOWCVE-2025-21546
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged ... Read more
Affected Products : mysql_server- Published: Jan. 21, 2025
- Modified: Apr. 08, 2025
- Vuln Type: Authorization
-
3.8
LOWCVE-2019-2504
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to t... Read more
Affected Products : vm_virtualbox- Published: Jan. 16, 2019
- Modified: Nov. 21, 2024
-
3.8
LOWCVE-2018-20927
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).... Read more
Affected Products : cpanel- Published: Aug. 01, 2019
- Modified: Nov. 21, 2024
-
3.8
LOWCVE-2023-2434
The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permi... Read more
Affected Products : nested_pages- Published: May. 31, 2023
- Modified: Nov. 21, 2024
-
3.8
LOWCVE-2023-0091
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.... Read more
- Published: Jan. 13, 2023
- Modified: Apr. 09, 2025
-
3.8
LOWCVE-2024-5470
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens.... Read more
Affected Products : gitlab- Published: Jul. 11, 2024
- Modified: Nov. 21, 2024
-
3.8
LOWCVE-2019-2553
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to t... Read more
Affected Products : vm_virtualbox- Published: Jan. 16, 2019
- Modified: Nov. 21, 2024
-
3.8
LOWCVE-2020-16128
The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.... Read more
Affected Products : ubuntu_linux- Published: Dec. 09, 2020
- Modified: Nov. 21, 2024
-
3.8
LOWCVE-2024-0173
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.... Read more
- Published: Mar. 13, 2024
- Modified: Jan. 31, 2025
-
3.8
LOWCVE-2024-0154
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.... Read more
- Published: Mar. 13, 2024
- Modified: Jan. 31, 2025
-
3.8
LOWCVE-2023-29062
The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS... Read more
- Published: Nov. 28, 2023
- Modified: Nov. 21, 2024
-
3.8
LOWCVE-2024-53502
Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page.... Read more
Affected Products : semcms- Published: Dec. 03, 2024
- Modified: Apr. 04, 2025
-
3.8
LOWCVE-2023-27307
Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.... Read more
Affected Products : thunderbolt_dch_driver- Published: Feb. 14, 2024
- Modified: Nov. 21, 2024