Latest CVE Feed
-
3.1
LOWCVE-2020-11767
Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s)... Read more
- Published: Apr. 15, 2020
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2024-28344
An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL.... Read more
Affected Products : next_generation_communication_platform- Published: Apr. 10, 2024
- Modified: Jun. 17, 2025
-
3.1
LOWCVE-2019-10397
Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.... Read more
Affected Products : aqua_security_severless_scanner- Published: Sep. 12, 2019
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2020-14796
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthentica... Read more
Affected Products : debian_linux leap active_iq_unified_manager hci_management_node solidfire oncommand_insight oncommand_unified_manager jdk jre e-series_santricity_os_controller +8 more products- Published: Oct. 21, 2020
- Modified: May. 27, 2025
-
3.1
LOWCVE-2018-0878
Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an infor... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016- Published: Mar. 14, 2018
- Modified: Apr. 04, 2025
-
3.1
LOWCVE-2017-11791
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Serve... Read more
- Published: Nov. 15, 2017
- Modified: Apr. 20, 2025
-
3.1
LOWCVE-2025-41423
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions ... Read more
Affected Products : mattermost_server- Published: Apr. 24, 2025
- Modified: Apr. 29, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-52463
Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earlier. If this vulnerability is exploited, unintended E-mail may be sent when a user accesses a specially crafted URL while being logged in.... Read more
Affected Products : active\!_mail- Published: Jul. 02, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Cross-Site Request Forgery
-
3.1
LOWCVE-2023-6068
On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and som... Read more
Affected Products : mos- Published: Mar. 04, 2024
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2018-8481
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server... Read more
- Published: Oct. 10, 2018
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2023-42119
Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. Th... Read more
Affected Products : exim- Published: May. 03, 2024
- Modified: Aug. 07, 2025
-
3.1
LOWCVE-2018-8482
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server... Read more
- Published: Oct. 10, 2018
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2017-0042
Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive info... Read more
- Published: Mar. 17, 2017
- Modified: Apr. 20, 2025
-
3.1
LOWCVE-2018-8864
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger fal... Read more
Affected Products : hpss16_firmware hpss32_firmware mhpss_firmware alert4000_firmware hpss16 hpss32 mhpss alert4000- Published: May. 25, 2018
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2019-2493
Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). Supported versions that are affected are 9.0 and 9.2. Difficult to exploit vulnerability allows unauthenticated attacker wit... Read more
- Published: Jan. 16, 2019
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2019-2422
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with... Read more
- Published: Jan. 16, 2019
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2023-22006
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise ... Read more
- Published: Jul. 18, 2023
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2009-3552
In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterpr... Read more
Affected Products : enterprise_virtualization_manager- Published: Nov. 09, 2019
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2017-10345
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploi... Read more
- Published: Oct. 19, 2017
- Modified: Apr. 20, 2025
-
3.1
LOWCVE-2023-4579
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine.... Read more
Affected Products : firefox- Published: Sep. 11, 2023
- Modified: Nov. 21, 2024