Latest CVE Feed
-
3.1
LOWCVE-2025-8277
A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to c... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Denial of Service
-
3.1
LOWCVE-2025-42914
Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the i... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-10014
A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization. Th... Read more
Affected Products : eladmin- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-40803
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions). The affected device exposes certain non-critical information from the device. This could allow an unauthenticated attacker to access sensitive data, potentially lead... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Information Disclosure
-
3.1
LOWCVE-2025-42913
Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the i... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2024-50341
symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined on a firewall is not called when Login Programmaticaly... Read more
Affected Products : symfony- Published: Nov. 06, 2024
- Modified: Nov. 08, 2024
-
3.1
LOWCVE-2024-50342
symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host res... Read more
Affected Products : symfony- Published: Nov. 06, 2024
- Modified: Nov. 08, 2024
-
3.1
LOWCVE-2024-50343
symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. Symfony as of ve... Read more
Affected Products : symfony- Published: Nov. 06, 2024
- Modified: Nov. 08, 2024
-
3.1
LOWCVE-2025-1151
A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexit... Read more
Affected Products : binutils- Published: Feb. 10, 2025
- Modified: Feb. 10, 2025
- Vuln Type: Memory Corruption
-
3.1
LOWCVE-2024-51744
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired ... Read more
Affected Products :- Published: Nov. 04, 2024
- Modified: Nov. 05, 2024
-
3.1
LOWCVE-2025-24839
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activate_ai override propert... Read more
Affected Products : mattermost_server- Published: Apr. 16, 2025
- Modified: Apr. 16, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-3329
A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. This affects an unknown part of the component Restaurant Order Handler. The manipulation of the argument Login/Password leads to cleartext transmi... Read more
Affected Products : comanda_mobile- Published: Apr. 07, 2025
- Modified: Apr. 08, 2025
- Vuln Type: Cryptography
-
3.1
LOWCVE-2025-46653
Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only t... Read more
Affected Products : formidable- Published: Apr. 26, 2025
- Modified: Apr. 29, 2025
- Vuln Type: Misconfiguration
-
3.1
LOWCVE-2025-3637
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_d... Read more
Affected Products : moodle- Published: Apr. 25, 2025
- Modified: Jun. 24, 2025
- Vuln Type: Information Disclosure
-
3.1
LOWCVE-2022-41963
BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their acce... Read more
Affected Products : bigbluebutton- Published: Dec. 16, 2022
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2025-59414
Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints withi... Read more
Affected Products : nuxt- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Path Traversal
-
3.1
LOWCVE-2023-49619
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will o... Read more
Affected Products : answer- Published: Jan. 10, 2024
- Modified: Jun. 11, 2025
-
3.1
LOWCVE-2023-4579
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine.... Read more
Affected Products : firefox- Published: Sep. 11, 2023
- Modified: Nov. 21, 2024
-
3.1
LOWCVE-2025-10252
A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of the component Java RMI Registry Handler. This manipulation causes deserialization. The attack can only be done within the local network. The attack is conside... Read more
Affected Products :- Published: Sep. 11, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Information Disclosure
-
3.1
LOWCVE-2025-48463
Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tamp... Read more
Affected Products : wise-4060lan_firmware wise-4060lan wise-4050lan_firmware wise-4050lan wise-4010lan_firmware wise-4010lan- Published: Jun. 24, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Cryptography