Latest CVE Feed
-
2.6
LOWCVE-2013-2037
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attack... Read more
- EPSS Score: %0.49
- Published: Jan. 18, 2014
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2015-4744
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers... Read more
Affected Products : fusion_middleware- EPSS Score: %0.29
- Published: Jul. 16, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2013-3571
socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based o... Read more
Affected Products : socat- EPSS Score: %0.82
- Published: May. 08, 2014
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2015-8035
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.... Read more
- EPSS Score: %1.05
- Published: Nov. 18, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2006-5793
The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that tri... Read more
Affected Products : libpng- EPSS Score: %2.33
- Published: Nov. 17, 2006
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2003-0282
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.... Read more
- EPSS Score: %12.23
- Published: Jun. 16, 2003
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2002-1233
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on te... Read more
Affected Products : http_server- EPSS Score: %0.11
- Published: Nov. 04, 2002
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-4807
loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.... Read more
Affected Products : imlib2- EPSS Score: %2.14
- Published: Nov. 07, 2006
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2004-0124
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."... Read more
- EPSS Score: %36.36
- Published: Jun. 01, 2004
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-5229
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than... Read more
- EPSS Score: %38.37
- Published: Oct. 10, 2006
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2006-5455
Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL.... Read more
Affected Products : bugzilla- EPSS Score: %0.91
- Published: Oct. 23, 2006
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2025-47794
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system m... Read more
Affected Products : notes- Published: May. 16, 2025
- Modified: May. 19, 2025
- Vuln Type: Information Disclosure
-
2.6
LOWCVE-2025-25985
An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/user_info.ini components.... Read more
- Published: Apr. 18, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Authentication
-
2.6
LOWCVE-2012-1693
Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers XCP 1110 allows remote attackers to affect availability, related to XSCF Control Package (XCP).... Read more
- EPSS Score: %0.92
- Published: May. 03, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2006-4914
Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then acc... Read more
Affected Products : a.l-pifou- EPSS Score: %0.84
- Published: Sep. 21, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2024-37181
Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent access.... Read more
Affected Products :- Published: Jan. 16, 2025
- Modified: Jan. 16, 2025
- Vuln Type: Race Condition
-
2.6
LOWCVE-2013-4504
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.... Read more
- EPSS Score: %0.28
- Published: May. 13, 2014
- Modified: Aug. 27, 2025
-
2.6
LOWCVE-2000-0501
Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server.... Read more
Affected Products : mdaemon- EPSS Score: %2.01
- Published: Jun. 16, 2000
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-3275
The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by caus... Read more
- EPSS Score: %8.97
- Published: Oct. 21, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2008-3270
yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or... Read more
Affected Products : enterprise_linux- EPSS Score: %0.30
- Published: Aug. 18, 2008
- Modified: Apr. 09, 2025