Latest CVE Feed
-
2.6
LOWCVE-2025-0251
HCL IEM is affected by a concurrent login vulnerability. The application allows multiple concurrent sessions using the same user credentials, which may introduce security risks.... Read more
Affected Products :- Published: Jul. 25, 2025
- Modified: Jul. 25, 2025
- Vuln Type: Authentication
-
2.6
LOWCVE-2014-9507
MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.... Read more
Affected Products : mediawiki- EPSS Score: %0.27
- Published: Jan. 04, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2025-32435
Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra... Read more
Affected Products :- Published: Apr. 15, 2025
- Modified: Apr. 16, 2025
- Vuln Type: Authorization
-
2.6
LOWCVE-1999-0793
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.... Read more
Affected Products : internet_explorer- EPSS Score: %21.09
- Published: Nov. 17, 1999
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2011-1068
Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for maintaining state, which allows remote attackers to obt... Read more
Affected Products : windows_azure_sdk- EPSS Score: %15.95
- Published: Feb. 23, 2011
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2015-4346
Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to messag... Read more
Affected Products : sms_framework- EPSS Score: %0.28
- Published: Jun. 15, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2008-0266
Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker mu... Read more
Affected Products : eticket- EPSS Score: %0.40
- Published: Jan. 15, 2008
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2006-3654
Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted Excel files.... Read more
Affected Products : works- EPSS Score: %39.58
- Published: Jul. 18, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-2997
Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field.... Read more
Affected Products : zms- EPSS Score: %0.61
- Published: Jun. 13, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2022-31017
Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they ... Read more
- EPSS Score: %0.17
- Published: Jun. 25, 2022
- Modified: Nov. 21, 2024
-
2.6
LOWCVE-2014-9433
Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) idart, (2) lang, or (3) idcat pa... Read more
Affected Products : contendio- EPSS Score: %0.42
- Published: Dec. 31, 2014
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2024-52513
Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommende... Read more
Affected Products : notes- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
2.6
LOWCVE-2015-5514
Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary web script or HTML via a destination field label.... Read more
Affected Products : migrate- EPSS Score: %0.36
- Published: Aug. 18, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-1999-0870
Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.... Read more
Affected Products : internet_explorer- EPSS Score: %9.12
- Published: Oct. 01, 1998
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-1999-0861
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.... Read more
Affected Products : internet_information_server site_server site_server_commerce commercial_internet_system- EPSS Score: %5.46
- Published: Aug. 11, 1999
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-1999-0827
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.... Read more
- EPSS Score: %0.88
- Published: Nov. 01, 1999
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2001-0273
pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext.... Read more
Affected Products : pgp4pine- EPSS Score: %0.59
- Published: May. 03, 2001
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2012-2710
Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in ... Read more
- EPSS Score: %0.36
- Published: Jun. 27, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2008-5944
Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 (2.6.0) allows remote attackers to inject arbitrary web script or HTML via the module parameter.... Read more
Affected Products : navboard- EPSS Score: %1.35
- Published: Jan. 22, 2009
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2006-0760
LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP... Read more
Affected Products : lighttpd- EPSS Score: %0.44
- Published: Feb. 18, 2006
- Modified: Apr. 03, 2025