Latest CVE Feed
-
3.1
LOWCVE-2024-39458
When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of se... Read more
Affected Products :- Published: Jun. 26, 2024
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2024-2032
A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerabili... Read more
Affected Products : zenml- Published: Jun. 06, 2024
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2024-45120
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alt... Read more
- Published: Oct. 10, 2024
- Modified: Dec. 12, 2024
-
3.1
LOWCVE-2017-3539
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticat... Read more
Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus jdk jre satellite +1 more products- Published: Apr. 24, 2017
- Modified: Apr. 20, 2025
-
3.1
LOWCVE-2017-2739
The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications.... Read more
Affected Products : vmall- Published: Nov. 22, 2017
- Modified: Apr. 20, 2025
-
3.1
LOWCVE-2024-1221
This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only ... Read more
- Published: Mar. 14, 2024
- Modified: Jan. 23, 2025
-
3.1
LOWCVE-2024-21003
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exp... Read more
- Published: Apr. 16, 2024
- Modified: Mar. 29, 2025
-
3.1
LOWCVE-2017-17282
SCCP (Signalling Connection Control Part) module in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006... Read more
Affected Products : dp300_firmware te60_firmware rp200_firmware te30_firmware te40_firmware te50_firmware te30 te40 te50 te60 +2 more products- Published: Mar. 09, 2018
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2016-5166
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote atta... Read more
- Published: Sep. 11, 2016
- Modified: Apr. 12, 2025
-
3.1
LOWCVE-2019-15126
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of ... Read more
Affected Products : mac_os_x iphone_os ipados simatic_rf350m_firmware simatic_rf650m_firmware simotics_connect_400_firmware bcm4389_firmware bcm43012_firmware bcm43013_firmware bcm4375_firmware +8 more products- Published: Feb. 05, 2020
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2023-34414
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locati... Read more
- Published: Jun. 19, 2023
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2022-4923
Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low)... Read more
Affected Products : chrome- Published: Jul. 29, 2023
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2016-7199
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."... Read more
- Published: Nov. 10, 2016
- Modified: Apr. 12, 2025
-
3.1
LOWCVE-2023-38158
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability... Read more
Affected Products : edge_chromium- Published: Aug. 21, 2023
- Modified: Feb. 28, 2025
-
3.1
LOWCVE-2021-22898
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV... Read more
Affected Products : fedora debian_linux curl communications_cloud_native_core_network_slice_selection_function communications_cloud_native_core_network_repository_function sinec_infrastructure_network_services essbase universal_forwarder communications_cloud_native_core_network_function_cloud_native_environment communications_cloud_native_core_binding_support_function +2 more products- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2024-42194
An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call.... Read more
Affected Products :- Published: Dec. 17, 2024
- Modified: Dec. 17, 2024
-
3.1
LOWCVE-2024-39919
@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. The package includes an `ALLOW_LIST` where the host can specify which services the us... Read more
Affected Products :- Published: Jul. 15, 2024
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2023-22128
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via rquota to compromise Or... Read more
- Published: Oct. 17, 2023
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2018-2790
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthent... Read more
- Published: Apr. 19, 2018
- Modified: May. 06, 2025
-
3.1
LOWCVE-2023-22048
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple p... Read more
Affected Products : fedora active_iq_unified_manager mysql oncommand_insight oncommand_workflow_automation snapcenter mysql_server- Published: Jul. 18, 2023
- Modified: Nov. 21, 2024