Latest CVE Feed
-
2.7
LOWCVE-2025-52484
RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction (including remu and divu) in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnera... Read more
Affected Products :- Published: Jun. 20, 2025
- Modified: Jun. 23, 2025
- Vuln Type: Misconfiguration
-
2.7
LOWCVE-2025-49843
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions e... Read more
Affected Products :- Published: Jun. 17, 2025
- Modified: Jun. 18, 2025
- Vuln Type: Misconfiguration
-
2.7
LOWCVE-2024-52589
Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to ... Read more
Affected Products : discourse- Published: Dec. 19, 2024
- Modified: Aug. 26, 2025
-
2.7
LOWCVE-2025-1088
In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.... Read more
Affected Products : grafana- Published: Jun. 18, 2025
- Modified: Jun. 18, 2025
- Vuln Type: Denial of Service
-
2.7
LOWCVE-2024-45133
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on c... Read more
- Published: Oct. 10, 2024
- Modified: Oct. 11, 2024
-
2.7
LOWCVE-2024-45149
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass sec... Read more
- Published: Oct. 10, 2024
- Modified: Dec. 12, 2024
-
2.7
LOWCVE-2024-45134
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on c... Read more
- Published: Oct. 10, 2024
- Modified: Oct. 11, 2024
-
2.7
LOWCVE-2025-24474
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiManager Cloud 7.4.1 through... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 22, 2025
- Vuln Type: Injection
-
2.7
LOWCVE-2024-40864
The issue was addressed with improved handling of protocols. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An attacker in a privileged network position can track a user's activity.... Read more
Affected Products : macos- Published: Mar. 31, 2025
- Modified: Apr. 04, 2025
- Vuln Type: Information Disclosure
-
2.7
LOWCVE-2022-27597
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, Qu... Read more
Affected Products : quts_hero qts qutscloud qvr qvp-41b_firmware qvp-63b_firmware qvp-85b_firmware qvp-21a_firmware qvp-41a_firmware qvp-63a_firmware +8 more products- EPSS Score: %0.24
- Published: Mar. 29, 2023
- Modified: Nov. 21, 2024
-
2.7
LOWCVE-2023-22113
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi... Read more
- EPSS Score: %0.06
- Published: Oct. 17, 2023
- Modified: Jun. 12, 2025
-
2.7
LOWCVE-2014-3493
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without... Read more
Affected Products : samba- EPSS Score: %2.25
- Published: Jun. 23, 2014
- Modified: Apr. 12, 2025
-
2.7
LOWCVE-2024-29947
There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an attacker may send specially crafted messages to an affected product, causing a process abnormality. ... Read more
Affected Products :- Published: Apr. 02, 2024
- Modified: Nov. 21, 2024
-
2.7
LOWCVE-2025-27398
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths. This could allow an authenticated highly-privi... Read more
- Published: Mar. 11, 2025
- Modified: Aug. 22, 2025
- Vuln Type: Path Traversal
-
2.7
LOWCVE-2024-40455
An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.... Read more
Affected Products : thinksaas- Published: Jul. 16, 2024
- Modified: Apr. 28, 2025
-
2.7
LOWCVE-2013-5875
Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity and availability via vectors related to Role Based Access Control (RBAC).... Read more
- EPSS Score: %0.10
- Published: Jan. 15, 2014
- Modified: Apr. 11, 2025
-
2.7
LOWCVE-2014-3608
The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR... Read more
Affected Products : nova- EPSS Score: %0.69
- Published: Oct. 06, 2014
- Modified: Apr. 12, 2025
-
2.7
LOWCVE-2025-50104
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access ... Read more
- Published: Jul. 15, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Denial of Service
-
2.7
LOWCVE-2025-50066
Vulnerability in the Oracle Database Materialized View component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having Execute on... Read more
- Published: Jul. 15, 2025
- Modified: Jul. 24, 2025
- Vuln Type: Authorization
-
2.7
LOWCVE-2025-48491
Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version.... Read more
Affected Products :- Published: May. 30, 2025
- Modified: May. 30, 2025
- Vuln Type: Misconfiguration