Latest CVE Feed
-
2.7
LOWCVE-2024-10098
The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain... Read more
Affected Products : applyonline_-_application_form_builder_and_manager- Published: May. 15, 2025
- Modified: Jun. 09, 2025
- Vuln Type: Information Disclosure
-
2.7
LOWCVE-2025-48059
PowSyBl (Power System Blocks) is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a a potential polyno... Read more
Affected Products :- Published: Jun. 20, 2025
- Modified: Jun. 23, 2025
- Vuln Type: Denial of Service
-
2.7
LOWCVE-2025-4972
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group... Read more
Affected Products : gitlab- Published: Jul. 10, 2025
- Modified: Jul. 25, 2025
- Vuln Type: Authorization
-
2.7
LOWCVE-2025-6168
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests.... Read more
Affected Products : gitlab- Published: Jul. 10, 2025
- Modified: Jul. 25, 2025
- Vuln Type: Authorization
-
2.7
LOWCVE-2024-48455
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router ... Read more
Affected Products :- Published: Jan. 06, 2025
- Modified: Jan. 07, 2025
- Vuln Type: Information Disclosure
-
2.7
LOWCVE-2025-30877
Missing Authorization vulnerability in fatcatapps Quiz Cat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz Cat: from n/a through 3.0.8.... Read more
Affected Products :- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Authorization
-
2.7
LOWCVE-2025-54873
RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0... Read more
Affected Products :- Published: Aug. 06, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Misconfiguration
-
2.7
LOWCVE-2022-35931
Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the valida... Read more
- EPSS Score: %0.04
- Published: Sep. 06, 2022
- Modified: Nov. 21, 2024
-
2.7
LOWCVE-2012-2625
The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.... Read more
- EPSS Score: %0.32
- Published: Oct. 31, 2012
- Modified: Apr. 11, 2025
-
2.7
LOWCVE-2025-46777
A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secre... Read more
Affected Products : fortiportal- Published: May. 28, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Information Disclosure
-
2.7
LOWCVE-2025-48370
auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.69.1, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead... Read more
Affected Products :- Published: May. 27, 2025
- Modified: May. 28, 2025
- Vuln Type: Path Traversal
-
2.7
LOWCVE-2025-32205
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.30.... Read more
Affected Products : piotnet_forms- Published: Apr. 10, 2025
- Modified: Apr. 11, 2025
- Vuln Type: Path Traversal
-
2.7
LOWCVE-2024-7038
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides diff... Read more
Affected Products : open_webui- Published: Oct. 09, 2024
- Modified: Nov. 03, 2024
-
2.7
LOWCVE-2023-27266
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. ... Read more
- EPSS Score: %0.15
- Published: Feb. 27, 2023
- Modified: Nov. 21, 2024
-
2.7
LOWCVE-2015-2115
Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3 before Patch 7, 1.3 FP1 before Patch 1, and 1.4 before Patch 1 allows remote authenticated users to obtain sensitive information via unknown vectors.... Read more
Affected Products : capture_and_route_software- EPSS Score: %0.10
- Published: Apr. 27, 2015
- Modified: Apr. 12, 2025
-
2.7
LOWCVE-2023-32684
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the ... Read more
Affected Products : lima- EPSS Score: %0.08
- Published: May. 30, 2023
- Modified: Nov. 21, 2024
-
2.7
LOWCVE-2024-47190
Northern.tech Hosted Mender before 2024.07.11 allows SSRF.... Read more
Affected Products :- Published: Nov. 08, 2024
- Modified: Nov. 08, 2024
-
2.7
LOWCVE-2023-5775
The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possi... Read more
Affected Products : backwpup- Published: Feb. 26, 2024
- Modified: Feb. 05, 2025
-
2.7
LOWCVE-2024-4214
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Bill Minozzi Car Dealer allows Code Injection.This issue affects Car Dealer: from n/a through 4.15.... Read more
Affected Products :- Published: May. 17, 2024
- Modified: Nov. 21, 2024
-
2.7
LOWCVE-2024-29177
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the re... Read more
Affected Products : data_domain_operating_system- Published: Jun. 26, 2024
- Modified: Nov. 21, 2024