Latest CVE Feed
-
2.7
LOWCVE-2025-24866
Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs.... Read more
Affected Products : mattermost_server- Published: Apr. 10, 2025
- Modified: Apr. 11, 2025
- Vuln Type: Authorization
-
2.7
LOWCVE-2022-46498
Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the doc_number parameter at his_admin_view_single_employee.php.... Read more
- Published: Mar. 07, 2024
- Modified: Mar. 28, 2025
-
2.7
LOWCVE-2025-30369
Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the ... Read more
- Published: Mar. 31, 2025
- Modified: Aug. 27, 2025
- Vuln Type: Authorization
-
2.7
LOWCVE-2024-30507
Authorization Bypass Through User-Controlled Key vulnerability in Molongui.This issue affects Molongui: from n/a through 4.7.7. ... Read more
Affected Products :- Published: Mar. 29, 2024
- Modified: Nov. 21, 2024
-
2.7
LOWCVE-2022-45428
Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information.... Read more
- EPSS Score: %0.07
- Published: Dec. 27, 2022
- Modified: Apr. 14, 2025
-
2.7
LOWCVE-2023-21882
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protoco... Read more
- EPSS Score: %0.06
- Published: Jan. 18, 2023
- Modified: Nov. 21, 2024
-
2.7
LOWCVE-2014-3608
The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR... Read more
Affected Products : nova- EPSS Score: %0.69
- Published: Oct. 06, 2014
- Modified: Apr. 12, 2025
-
2.7
LOWCVE-2025-4563
A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim status... Read more
Affected Products : kubernetes- Published: Jun. 23, 2025
- Modified: Jun. 23, 2025
- Vuln Type: Authorization
-
2.7
LOWCVE-2023-21874
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pr... Read more
- EPSS Score: %0.04
- Published: Jan. 18, 2023
- Modified: Nov. 21, 2024
-
2.7
LOWCVE-2024-40864
The issue was addressed with improved handling of protocols. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An attacker in a privileged network position can track a user's activity.... Read more
Affected Products : macos- Published: Mar. 31, 2025
- Modified: Apr. 04, 2025
- Vuln Type: Information Disclosure
-
2.7
LOWCVE-2013-0167
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields."... Read more
Affected Products : enterprise_virtualization- EPSS Score: %0.10
- Published: Aug. 19, 2013
- Modified: Apr. 11, 2025
-
2.7
LOWCVE-2025-55193
Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI seque... Read more
Affected Products : rails- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Information Disclosure
-
2.7
LOWCVE-2025-54873
RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0... Read more
Affected Products :- Published: Aug. 06, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Misconfiguration
-
2.7
LOWCVE-2025-27398
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths. This could allow an authenticated highly-privi... Read more
- Published: Mar. 11, 2025
- Modified: Aug. 22, 2025
- Vuln Type: Path Traversal
-
2.7
LOWCVE-2024-40884
Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL.... Read more
- Published: Aug. 22, 2024
- Modified: Oct. 17, 2024
-
2.7
LOWCVE-2025-30258
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "ve... Read more
Affected Products : gnupg- Published: Mar. 19, 2025
- Modified: Mar. 19, 2025
- Vuln Type: Denial of Service
-
2.7
LOWCVE-2025-30681
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network... Read more
- Published: Apr. 15, 2025
- Modified: Apr. 17, 2025
- Vuln Type: Denial of Service
-
2.7
LOWCVE-2024-7038
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides diff... Read more
Affected Products : open_webui- Published: Oct. 09, 2024
- Modified: Nov. 03, 2024
-
2.7
LOWCVE-2023-48303
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details... Read more
- EPSS Score: %0.19
- Published: Nov. 21, 2023
- Modified: Nov. 21, 2024
-
2.7
LOWCVE-2023-27266
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. ... Read more
- EPSS Score: %0.15
- Published: Feb. 27, 2023
- Modified: Nov. 21, 2024