Latest CVE Feed
-
2.4
LOWCVE-2016-7765
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Clipboard" component, which allows physically proximate attackers to obtain sensitive information in the lockscreen state by viewing clipboard contents... Read more
Affected Products : iphone_os- EPSS Score: %0.06
- Published: Feb. 20, 2017
- Modified: Apr. 20, 2025
-
2.4
LOWCVE-2017-7139
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Phone" component. It allows attackers to obtain sensitive information by leveraging a timing bug to read a secure-content screenshot that occurred during... Read more
Affected Products : iphone_os- EPSS Score: %0.06
- Published: Oct. 23, 2017
- Modified: Apr. 20, 2025
-
2.4
LOWCVE-2016-1852
Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors.... Read more
Affected Products : iphone_os- EPSS Score: %0.07
- Published: May. 20, 2016
- Modified: Apr. 12, 2025
-
2.4
LOWCVE-2016-7653
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Media Player" component, which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging lockscreen access.... Read more
Affected Products : iphone_os- EPSS Score: %0.07
- Published: Feb. 20, 2017
- Modified: Apr. 20, 2025
-
2.4
LOWCVE-2017-13805
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to obtain sensitive information via a Siri request for private-content notifications that sho... Read more
Affected Products : iphone_os- EPSS Score: %0.06
- Published: Nov. 13, 2017
- Modified: Apr. 20, 2025
-
2.4
LOWCVE-2024-45284
An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application.... Read more
Affected Products :- Published: Sep. 10, 2024
- Modified: Sep. 10, 2024
-
2.4
LOWCVE-2023-4624
Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08.... Read more
Affected Products : bookstack- EPSS Score: %0.26
- Published: Aug. 30, 2023
- Modified: Nov. 21, 2024
-
2.4
LOWCVE-2022-36876
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.... Read more
- EPSS Score: %0.14
- Published: Sep. 09, 2022
- Modified: Nov. 21, 2024
-
2.4
LOWCVE-2025-1421
Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker c... Read more
Affected Products :- Published: May. 21, 2025
- Modified: May. 21, 2025
-
2.4
LOWCVE-2024-48909
SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResources2` and have caveats in the evaluation path for their re... Read more
Affected Products : spicedb- Published: Oct. 14, 2024
- Modified: Oct. 17, 2024
-
2.4
LOWCVE-2024-20855
Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while.... Read more
- Published: May. 07, 2024
- Modified: Feb. 07, 2025
-
2.4
LOWCVE-2022-0005
Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.... Read more
- EPSS Score: %0.04
- Published: May. 12, 2022
- Modified: May. 05, 2025
-
2.4
LOWCVE-2025-49546
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Access Control vulnerability that could lead to a partial application denial-of-service. A high-privileged attacker could exploit this vulnerability to partially disrupt ... Read more
Affected Products : coldfusion- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authorization
-
2.4
LOWCVE-2024-45687
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating S... Read more
Affected Products :- Published: Jan. 21, 2025
- Modified: Jan. 21, 2025
- Vuln Type: Misconfiguration
-
2.4
LOWCVE-2024-40822
This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. An attacker with physical access to a device may be able to access ... Read more
- Published: Jul. 29, 2024
- Modified: Mar. 27, 2025
-
2.4
LOWCVE-2025-52687
Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS).... Read more
Affected Products :- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Injection
-
2.4
LOWCVE-2020-3859
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.... Read more
- EPSS Score: %0.15
- Published: Feb. 27, 2020
- Modified: Nov. 21, 2024
-
2.4
LOWCVE-2017-18673
An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can disable the Location service on a locked device, making it impossible for the rightful owner to find a stolen device. The Samsung ID is SVE-2017-8524 (May 2017).... Read more
Affected Products : android- EPSS Score: %0.02
- Published: Apr. 07, 2020
- Modified: Nov. 21, 2024
-
2.4
LOWCVE-2022-31224
Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior... Read more
- EPSS Score: %0.11
- Published: Sep. 12, 2022
- Modified: Nov. 21, 2024
-
2.4
LOWCVE-2019-4265
IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198.... Read more
Affected Products : maximo_anywhere- EPSS Score: %0.05
- Published: Oct. 10, 2019
- Modified: Nov. 21, 2024