Latest CVE Feed
-
3.1
LOWCVE-2025-32787
SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` do... Read more
Affected Products :- Published: Apr. 16, 2025
- Modified: Apr. 17, 2025
- Vuln Type: Denial of Service
-
3.1
LOWCVE-2022-29147
Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more
Affected Products : edge_chromium- Published: Jun. 29, 2023
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2024-55070
A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions.... Read more
Affected Products : mealie- Published: Mar. 27, 2025
- Modified: Apr. 11, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2017-10193
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticat... Read more
- Published: Aug. 08, 2017
- Modified: Apr. 20, 2025
-
3.1
LOWCVE-2020-14798
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthentica... Read more
Affected Products : debian_linux leap active_iq_unified_manager hci_management_node solidfire oncommand_insight oncommand_unified_manager jdk jre e-series_santricity_os_controller +8 more products- Published: Oct. 21, 2020
- Modified: May. 27, 2025
-
3.1
LOWCVE-2018-8862
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.... Read more
Affected Products : hpss16_firmware hpss32_firmware mhpss_firmware alert4000_firmware hpss16 hpss32 mhpss alert4000- Published: May. 25, 2018
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2024-8042
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an emp... Read more
Affected Products : insight_platform- Published: Sep. 09, 2024
- Modified: Sep. 17, 2024
-
3.1
LOWCVE-2020-11767
Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s)... Read more
- Published: Apr. 15, 2020
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2016-7199
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."... Read more
- Published: Nov. 10, 2016
- Modified: Apr. 12, 2025
-
3.1
LOWCVE-2023-4658
An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge... Read more
Affected Products : gitlab- Published: Dec. 01, 2023
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2023-4579
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine.... Read more
Affected Products : firefox- Published: Sep. 11, 2023
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2023-5600
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific referenc... Read more
Affected Products : gitlab- Published: Jun. 20, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Information Disclosure
-
3.1
LOWCVE-2025-6107
A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function set_attr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch ... Read more
Affected Products :- Published: Jun. 16, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Misconfiguration
-
3.1
LOWCVE-2025-52463
Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earlier. If this vulnerability is exploited, unintended E-mail may be sent when a user accesses a specially crafted URL while being logged in.... Read more
Affected Products : active\!_mail- Published: Jul. 02, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Cross-Site Request Forgery
-
3.1
LOWCVE-2025-59270
psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TL... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cryptography
-
3.1
LOWCVE-2025-10320
A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. This issue affects some unknown processing of the file /admin/user/updatePwd. Performing manipulation results in weak password requirements. Remote exploitation of the attack is possible... Read more
Affected Products : dreamer_cms- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authentication
-
3.1
LOWCVE-2023-47634
Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than once endorsement. To e... Read more
Affected Products : decidim- Published: Feb. 29, 2024
- Modified: Feb. 14, 2025
-
3.1
LOWCVE-2025-41423
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions ... Read more
Affected Products : mattermost_server- Published: Apr. 24, 2025
- Modified: Apr. 29, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-6527
A vulnerability, which was classified as problematic, was found in 70mai M300 up to 20250611. Affected is an unknown function of the component Web Server. The manipulation leads to improper access controls. The attack can only be initiated within the loca... Read more
Affected Products :- Published: Jun. 23, 2025
- Modified: Jun. 26, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2018-2790
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthent... Read more
- Published: Apr. 19, 2018
- Modified: May. 06, 2025