Latest CVE Feed
-
3.5
LOWCVE-2008-1941
Cross-site scripting (XSS) vulnerability in the profile update feature in Akiva WebBoard 8.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in the form field. NOTE: the provenance of this information is u... Read more
Affected Products : webboard- Published: Apr. 25, 2008
- Modified: Apr. 09, 2025
-
3.5
LOWCVE-2019-20382
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.... Read more
- Published: Mar. 05, 2020
- Modified: Nov. 21, 2024
-
3.5
LOWCVE-2015-7561
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.... Read more
- Published: Aug. 07, 2017
- Modified: Apr. 20, 2025
-
3.5
LOWCVE-2024-37141
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.... Read more
Affected Products : data_domain_operating_system- Published: Jun. 26, 2024
- Modified: Nov. 21, 2024
-
3.5
LOWCVE-2015-8602
The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inse... Read more
Affected Products : token_insert_entity- Published: Dec. 17, 2015
- Modified: Apr. 12, 2025
-
3.5
LOWCVE-2016-0370
Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an application that was built with this product.... Read more
Affected Products : forms_experience_builder- Published: Sep. 01, 2016
- Modified: Apr. 12, 2025
-
3.5
LOWCVE-2024-37314
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.... Read more
- Published: Jun. 14, 2024
- Modified: Nov. 21, 2024
-
3.5
LOWCVE-2015-0505
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.... Read more
- Published: Apr. 16, 2015
- Modified: Apr. 12, 2025
-
3.5
LOWCVE-2012-3111
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to TECH, a different vulnerability than CVE-2012-1762.... Read more
Affected Products : peoplesoft_products- Published: Jul. 17, 2012
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2012-3157
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, 6.2.0, and 12 allows remote authenticated users to affect integrity, related to BASE.... Read more
Affected Products : financial_services_software- Published: Oct. 16, 2012
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2012-5200
Cross-site scripting (XSS) vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote authenticated users to inject arbitrary web script or HTML via unspecif... Read more
- Published: Mar. 09, 2013
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2012-2340
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified... Read more
- Published: May. 21, 2012
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2012-2205
Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query.... Read more
Affected Products : rational_clearquest- Published: Aug. 17, 2012
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2012-5761
Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more
Affected Products : netezza- Published: Feb. 20, 2013
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2012-2214
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests... Read more
Affected Products : pidgin- Published: Jul. 03, 2012
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2007-6421
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.... Read more
Affected Products : http_server- Published: Jan. 08, 2008
- Modified: Apr. 09, 2025
-
3.5
LOWCVE-2012-3142
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.5, 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality, related to BASE.... Read more
Affected Products : financial_services_software- Published: Oct. 16, 2012
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2012-4587
McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by sp... Read more
- Published: Aug. 22, 2012
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2012-5762
Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via vectors involving the MHTML protocol.... Read more
Affected Products : netezza- Published: Feb. 20, 2013
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2012-2308
Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more
- Published: Jul. 25, 2012
- Modified: Apr. 11, 2025