Latest CVE Feed
-
2.3
LOWCVE-2017-8118
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.... Read more
Affected Products : uma- EPSS Score: %0.03
- Published: Nov. 22, 2017
- Modified: Apr. 20, 2025
-
2.3
LOWCVE-2023-22313
Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access.... Read more
- EPSS Score: %0.04
- Published: Nov. 14, 2023
- Modified: Nov. 21, 2024
-
2.3
LOWCVE-2024-51745
Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special devi... Read more
Affected Products : wasmtime- Published: Nov. 05, 2024
- Modified: Nov. 21, 2024
-
2.3
LOWCVE-2024-51756
The cap-std project is organized around the eponymous `cap-std` crate, and develops libraries to make it easy to write capability-based code. cap-std's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", ... Read more
Affected Products :- Published: Nov. 05, 2024
- Modified: Nov. 21, 2024
-
2.3
LOWCVE-2022-33699
Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.... Read more
- EPSS Score: %0.02
- Published: Jul. 12, 2022
- Modified: Nov. 21, 2024
-
2.3
LOWCVE-2025-22482
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed t... Read more
Affected Products : qsync_central- Published: Jun. 06, 2025
- Modified: Jun. 09, 2025
- Vuln Type: Information Disclosure
-
2.3
LOWCVE-2024-36032
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in ... Read more
Affected Products : linux_kernel- Published: May. 30, 2024
- Modified: Nov. 21, 2024
-
2.3
LOWCVE-2024-51758
Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the `default_filesystem_disk` config option. This allows the user to easily swap their storage driver to something ... Read more
Affected Products : filament- Published: Nov. 07, 2024
- Modified: Nov. 21, 2024
-
2.3
LOWCVE-2024-12056
The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment. Exploitation requ... Read more
Affected Products :- Published: Dec. 04, 2024
- Modified: Dec. 04, 2024
-
2.3
LOWCVE-2017-10292
Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with logon to ... Read more
Affected Products : database- EPSS Score: %0.07
- Published: Oct. 19, 2017
- Modified: Apr. 20, 2025
-
2.3
LOWCVE-2022-31223
Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system.... Read more
- EPSS Score: %0.04
- Published: Sep. 12, 2022
- Modified: Nov. 21, 2024
-
2.3
LOWCVE-2024-23591
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel... Read more
- Published: Feb. 16, 2024
- Modified: Jul. 23, 2025
-
2.3
LOWCVE-2021-47440
In the Linux kernel, the following vulnerability has been resolved: net: encx24j600: check error in devm_regmap_init_encx24j600 devm_regmap_init may return error which caused by like out of memory, this will results in null pointer dereference later whe... Read more
Affected Products : linux_kernel- Published: May. 22, 2024
- Modified: Apr. 02, 2025
-
2.3
LOWCVE-2024-28238
Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., we... Read more
Affected Products : directus- Published: Mar. 12, 2024
- Modified: Jan. 03, 2025
-
2.3
LOWCVE-2021-21726
Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illeg... Read more
Affected Products : zxone_9700_firmware zxone_8700_firmware zxone_19700_firmware zxone_9700 zxone_8700 zxone_19700- EPSS Score: %0.05
- Published: Mar. 12, 2021
- Modified: Nov. 21, 2024
-
2.3
LOWCVE-2021-22887
A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BI... Read more
Affected Products : psa-5000_firmware psa-7000_firmware x10slh-f_firmware x10sll-f_firmware x10slm-f_firmware x10sll\+f_firmware x10slm\+-f_firmware x10slm\+ln4f_firmware x10sla-f_firmware x10sl7-f_firmware +14 more products- EPSS Score: %0.06
- Published: Mar. 16, 2021
- Modified: Nov. 21, 2024
-
2.3
LOWCVE-2017-15307
Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information.... Read more
- EPSS Score: %0.02
- Published: Dec. 22, 2017
- Modified: Apr. 20, 2025
-
2.3
LOWCVE-2025-53029
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracl... Read more
Affected Products : vm_virtualbox- Published: Jul. 15, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Information Disclosure
-
2.3
LOWCVE-2025-24369
Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by reques... Read more
Affected Products :- Published: Jan. 27, 2025
- Modified: Jan. 27, 2025
- Vuln Type: Authentication
-
2.3
LOWCVE-2025-3864
Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. Fix for this issue ... Read more
Affected Products :- Published: May. 28, 2025
- Modified: May. 28, 2025
- Vuln Type: Denial of Service