Latest CVE Feed
-
3.1
LOWCVE-2025-24839
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activate_ai override propert... Read more
Affected Products : mattermost_server- Published: Apr. 16, 2025
- Modified: Apr. 16, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2016-3276
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."... Read more
Affected Products : internet_explorer- Published: Jul. 13, 2016
- Modified: Apr. 12, 2025
-
3.1
LOWCVE-2020-14798
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthentica... Read more
Affected Products : debian_linux leap active_iq_unified_manager hci_management_node solidfire oncommand_insight oncommand_unified_manager jdk jre e-series_santricity_os_controller +8 more products- Published: Oct. 21, 2020
- Modified: May. 27, 2025
-
3.1
LOWCVE-2017-10193
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticat... Read more
- Published: Aug. 08, 2017
- Modified: Apr. 20, 2025
-
3.1
LOWCVE-2021-35588
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vuln... Read more
- Published: Oct. 20, 2021
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2021-24000
A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led... Read more
Affected Products : firefox- Published: Jun. 24, 2021
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2024-36452
Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a malicious page while logged in. As a result, data within a... Read more
Affected Products : webmin- Published: Jul. 10, 2024
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2025-6526
A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only... Read more
Affected Products :- Published: Jun. 23, 2025
- Modified: Jun. 26, 2025
- Vuln Type: Authentication
-
3.1
LOWCVE-2025-1083
A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrusted do... Read more
Affected Products :- Published: Feb. 06, 2025
- Modified: Feb. 06, 2025
-
3.1
LOWCVE-2025-5031
A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be... Read more
Affected Products :- Published: May. 21, 2025
- Modified: May. 21, 2025
- Vuln Type: Denial of Service
-
3.1
LOWCVE-2024-8042
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an emp... Read more
Affected Products : insight_platform- Published: Sep. 09, 2024
- Modified: Sep. 17, 2024
-
3.1
LOWCVE-2023-3584
Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override s... Read more
- Published: Jul. 17, 2023
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2024-53701
Multiple FCNT Android devices provide the original security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. Under certain conditions, and when an attacker can directly operate the device which its screen ... Read more
Affected Products :- Published: Nov. 29, 2024
- Modified: Nov. 29, 2024
-
3.1
LOWCVE-2021-22898
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV... Read more
Affected Products : fedora debian_linux curl communications_cloud_native_core_network_slice_selection_function communications_cloud_native_core_network_repository_function sinec_infrastructure_network_services essbase universal_forwarder communications_cloud_native_core_network_function_cloud_native_environment communications_cloud_native_core_binding_support_function +2 more products- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2017-0042
Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive info... Read more
- Published: Mar. 17, 2017
- Modified: Apr. 20, 2025
-
3.1
LOWCVE-2016-7227
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."... Read more
- Published: Nov. 10, 2016
- Modified: Apr. 12, 2025
-
3.1
LOWCVE-2024-39919
@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. The package includes an `ALLOW_LIST` where the host can specify which services the us... Read more
Affected Products :- Published: Jul. 15, 2024
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2019-15126
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of ... Read more
Affected Products : mac_os_x iphone_os ipados simatic_rf350m_firmware simatic_rf650m_firmware simotics_connect_400_firmware bcm4389_firmware bcm43012_firmware bcm43013_firmware bcm4375_firmware +8 more products- Published: Feb. 05, 2020
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2023-47634
Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than once endorsement. To e... Read more
Affected Products : decidim- Published: Feb. 29, 2024
- Modified: Feb. 14, 2025
-
3.1
LOWCVE-2025-23191
Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter the `atom:link` values in the returned metadata redirecting them from the SAP s... Read more
Affected Products :- Published: Feb. 11, 2025
- Modified: Feb. 11, 2025
- Vuln Type: Misconfiguration