Latest CVE Feed
-
2.2
LOWCVE-2025-50100
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with ne... Read more
- Published: Jul. 15, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Denial of Service
-
2.2
LOWCVE-2024-21243
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces... Read more
- Published: Oct. 15, 2024
- Modified: Oct. 16, 2024
-
2.2
LOWCVE-2025-47823
Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system.... Read more
Affected Products :- Published: Jun. 27, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Misconfiguration
-
2.2
LOWCVE-2025-47821
Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system.... Read more
Affected Products :- Published: Jun. 27, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Authentication
-
2.2
LOWCVE-2025-47818
Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection.... Read more
Affected Products :- Published: Jun. 27, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Misconfiguration
-
2.2
LOWCVE-2025-27538
Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with edit_other_users permission to activate or deactivate MFA ... Read more
Affected Products : mattermost_server- Published: Apr. 16, 2025
- Modified: Apr. 16, 2025
- Vuln Type: Authentication
-
2.2
LOWCVE-2017-1000401
The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being lo... Read more
Affected Products : jenkins- EPSS Score: %0.03
- Published: Jan. 26, 2018
- Modified: Nov. 21, 2024
-
2.2
LOWCVE-2024-29206
An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connec... Read more
Affected Products :- Published: May. 07, 2024
- Modified: Nov. 21, 2024
-
2.2
LOWCVE-2025-40571
A vulnerability has been identified in Mendix OIDC SSO (Mendix 10 compatible) (All versions < V4.1.0), Mendix OIDC SSO (Mendix 10.12 compatible) (All versions < V4.0.1), Mendix OIDC SSO (Mendix 9 compatible) (All versions). The Mendix OIDC SSO module gran... Read more
Affected Products :- Published: May. 13, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Authorization
-
2.2
LOWCVE-2024-53564
A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what... Read more
Affected Products : freepbx- Published: Dec. 02, 2024
- Modified: Jan. 09, 2025
-
2.2
LOWCVE-2024-29208
An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV... Read more
Affected Products :- Published: May. 07, 2024
- Modified: Nov. 21, 2024
-
2.1
LOWCVE-2001-0642
Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. (dot dot) sequences to filenames listed in the content.ini file.... Read more
Affected Products : incredimail- EPSS Score: %0.12
- Published: Sep. 20, 2001
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2006-0379
FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available to userland, which could allow local users to read portions of kernel memory.... Read more
Affected Products : freebsd- EPSS Score: %0.07
- Published: Jan. 25, 2006
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2008-0663
Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field.... Read more
- EPSS Score: %0.08
- Published: Feb. 08, 2008
- Modified: Apr. 09, 2025
-
2.1
LOWCVE-2015-1005
IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.... Read more
Affected Products : scada_web_server- EPSS Score: %0.06
- Published: Oct. 25, 2015
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2010-2403
Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft and JDEdwards Suite Campus Solutions 9.0 Bundle #17 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more
Affected Products : peoplesoft_and_jdedwards_suite_campus_solutions- EPSS Score: %0.17
- Published: Jul. 13, 2010
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2001-1098
Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file.... Read more
Affected Products : pix_firewall_manager- EPSS Score: %0.11
- Published: Oct. 10, 2001
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2015-1598
The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem.... Read more
Affected Products : spcanywhere- EPSS Score: %0.06
- Published: Mar. 07, 2015
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2012-5538
Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script... Read more
- EPSS Score: %0.20
- Published: Dec. 03, 2012
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2001-0219
Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service.... Read more
Affected Products : hp-ux- EPSS Score: %0.10
- Published: Mar. 26, 2001
- Modified: Apr. 03, 2025