Latest CVE Feed
-
2.7
LOWCVE-2025-6168
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests.... Read more
Affected Products : gitlab- Published: Jul. 10, 2025
- Modified: Jul. 25, 2025
- Vuln Type: Authorization
-
2.7
LOWCVE-2024-28214
nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.... Read more
Affected Products : ngrinder- Published: Mar. 07, 2024
- Modified: May. 07, 2025
-
2.7
LOWCVE-2024-32882
Wagtail is an open source content management system built on Django. In affected versions if a model has been made available for editing through the `wagtail.contrib.settings` module or `ModelViewSet`, and the `permission` argument on `FieldPanel` has bee... Read more
- Published: May. 02, 2024
- Modified: Nov. 21, 2024
-
2.7
LOWCVE-2014-4022
The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive info... Read more
Affected Products : xen- EPSS Score: %0.17
- Published: Jul. 09, 2014
- Modified: Apr. 12, 2025
-
2.7
LOWCVE-2014-0624
EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors.... Read more
Affected Products : rsa_data_loss_prevention- EPSS Score: %0.08
- Published: Mar. 06, 2014
- Modified: Apr. 12, 2025
-
2.7
LOWCVE-2024-38823
Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.... Read more
Affected Products :- Published: Jun. 13, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Misconfiguration
-
2.7
LOWCVE-2022-39409
Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Business Process Automation). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows high privileged attacker with ... Read more
Affected Products : transportation_management- EPSS Score: %0.10
- Published: Oct. 18, 2022
- Modified: Nov. 21, 2024
-
2.7
LOWCVE-2025-32205
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.30.... Read more
Affected Products : piotnet_forms- Published: Apr. 10, 2025
- Modified: Apr. 11, 2025
- Vuln Type: Path Traversal
-
2.7
LOWCVE-2024-39353
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents.... Read more
- Published: Jul. 03, 2024
- Modified: Nov. 21, 2024
-
2.7
LOWCVE-2024-4195
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests. ... Read more
Affected Products : mattermost_server- Published: Apr. 26, 2024
- Modified: May. 12, 2025
-
2.7
LOWCVE-2024-29733
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl... Read more
Affected Products : apache-airflow-providers-ftp- Published: Apr. 21, 2024
- Modified: Jul. 10, 2025
-
2.7
LOWCVE-2023-27265
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. ... Read more
- EPSS Score: %0.15
- Published: Feb. 27, 2023
- Modified: Nov. 21, 2024
-
2.7
LOWCVE-2024-20905
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with ... Read more
Affected Products : jd_edwards_enterpriseone_tools- Published: Feb. 17, 2024
- Modified: Mar. 27, 2025
-
2.7
LOWCVE-2025-50098
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network a... Read more
- Published: Jul. 15, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Denial of Service
-
2.7
LOWCVE-2023-1084
An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner le... Read more
Affected Products : gitlab- EPSS Score: %1.02
- Published: Mar. 09, 2023
- Modified: Nov. 21, 2024
-
2.7
LOWCVE-2024-22123
Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log... Read more
Affected Products : zabbix- Published: Aug. 12, 2024
- Modified: Dec. 10, 2024
-
2.7
LOWCVE-2022-2459
An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Gro... Read more
Affected Products : gitlab- EPSS Score: %0.18
- Published: Aug. 05, 2022
- Modified: Nov. 21, 2024
-
2.7
LOWCVE-2025-30703
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via m... Read more
Affected Products : mysql_server- Published: Apr. 15, 2025
- Modified: Apr. 21, 2025
- Vuln Type: Authorization
-
2.7
LOWCVE-2022-27598
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, Qu... Read more
Affected Products : quts_hero qts qutscloud qvp-41b_firmware qvp-63b_firmware qvp-85b_firmware qvp-21a_firmware qvp-41a_firmware qvp-63a_firmware qvp-85a_firmware +7 more products- EPSS Score: %0.26
- Published: Mar. 29, 2023
- Modified: Nov. 21, 2024
-
2.7
LOWCVE-2024-36464
When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected... Read more
Affected Products : zabbix- Published: Nov. 27, 2024
- Modified: Nov. 27, 2024