Latest CVE Feed
-
3.1
LOWCVE-2023-4579
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine.... Read more
Affected Products : firefox- EPSS Score: %0.17
- Published: Sep. 11, 2023
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2017-3539
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticat... Read more
Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus jdk jre satellite +1 more products- EPSS Score: %0.50
- Published: Apr. 24, 2017
- Modified: Apr. 20, 2025
-
3.1
LOWCVE-2016-0125
Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka "Microsoft Edge Information Disclosure Vulnerability."... Read more
Affected Products : edge- EPSS Score: %4.49
- Published: Mar. 09, 2016
- Modified: Apr. 12, 2025
-
3.1
LOWCVE-2025-52463
Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earlier. If this vulnerability is exploited, unintended E-mail may be sent when a user accesses a specially crafted URL while being logged in.... Read more
Affected Products : active\!_mail- Published: Jul. 02, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Cross-Site Request Forgery
-
3.1
LOWCVE-2025-47279
Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the appl... Read more
Affected Products : undici- Published: May. 15, 2025
- Modified: May. 16, 2025
- Vuln Type: Memory Corruption
-
3.1
LOWCVE-2017-10193
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticat... Read more
- EPSS Score: %0.38
- Published: Aug. 08, 2017
- Modified: Apr. 20, 2025
-
3.1
LOWCVE-2020-14798
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthentica... Read more
Affected Products : debian_linux leap active_iq_unified_manager hci_management_node solidfire oncommand_insight oncommand_unified_manager jdk jre e-series_santricity_os_controller +8 more products- EPSS Score: %0.25
- Published: Oct. 21, 2020
- Modified: May. 27, 2025
-
3.1
LOWCVE-2025-32787
SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` do... Read more
Affected Products :- Published: Apr. 16, 2025
- Modified: Apr. 17, 2025
- Vuln Type: Denial of Service
-
3.1
LOWCVE-2024-21003
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exp... Read more
- Published: Apr. 16, 2024
- Modified: Mar. 29, 2025
-
3.1
LOWCVE-2024-21005
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exp... Read more
- Published: Apr. 16, 2024
- Modified: Dec. 05, 2024
-
3.1
LOWCVE-2024-1221
This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only ... Read more
- Published: Mar. 14, 2024
- Modified: Jan. 23, 2025
-
3.1
LOWCVE-2024-21231
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker wit... Read more
- Published: Oct. 15, 2024
- Modified: Mar. 13, 2025
-
3.1
LOWCVE-2025-46653
Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only t... Read more
Affected Products : formidable- Published: Apr. 26, 2025
- Modified: Apr. 29, 2025
- Vuln Type: Misconfiguration
-
3.1
LOWCVE-2025-3637
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_d... Read more
Affected Products : moodle- Published: Apr. 25, 2025
- Modified: Jun. 24, 2025
- Vuln Type: Information Disclosure
-
3.1
LOWCVE-2025-41423
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions ... Read more
Affected Products : mattermost_server- Published: Apr. 24, 2025
- Modified: Apr. 29, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-1878
A vulnerability has been found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This vulnerability affects unknown code of the component WiFi. The manipulation leads to use of default password. Access to the local network is required f... Read more
- Published: Mar. 03, 2025
- Modified: Mar. 06, 2025
- Vuln Type: Authentication
-
3.1
LOWCVE-2025-22601
Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make changes to their own username via carefully crafted link using the `activate-account` route. This problem has been patched in t... Read more
Affected Products : discourse- Published: Feb. 04, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Authentication
-
3.1
LOWCVE-2018-8482
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server... Read more
- EPSS Score: %2.46
- Published: Oct. 10, 2018
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2024-20925
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exp... Read more
- Published: Feb. 17, 2024
- Modified: Dec. 09, 2024
-
3.1
LOWCVE-2021-22898
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV... Read more
Affected Products : fedora debian_linux curl communications_cloud_native_core_network_slice_selection_function communications_cloud_native_core_network_repository_function sinec_infrastructure_network_services essbase universal_forwarder communications_cloud_native_core_network_function_cloud_native_environment communications_cloud_native_core_binding_support_function +2 more products- EPSS Score: %0.11
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024