Latest CVE Feed
-
2.1
LOWCVE-2025-27726
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product'... Read more
Affected Products :- Published: Mar. 28, 2025
- Modified: Mar. 28, 2025
- Vuln Type: Path Traversal
-
2.1
LOWCVE-2024-53698
A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory. We have already fixed the vulnerability in... Read more
- Published: Mar. 07, 2025
- Modified: Mar. 07, 2025
- Vuln Type: Memory Corruption
-
2.1
LOWCVE-2024-53699
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed ... Read more
- Published: Mar. 07, 2025
- Modified: Mar. 07, 2025
- Vuln Type: Memory Corruption
-
2.1
LOWCVE-2014-5240
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted... Read more
- EPSS Score: %0.33
- Published: Aug. 18, 2014
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2024-38638
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. QTS 5.2.x/QuTS hero h5... Read more
- Published: Mar. 07, 2025
- Modified: Mar. 07, 2025
- Vuln Type: Memory Corruption
-
2.1
LOWCVE-2024-53697
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed ... Read more
- Published: Mar. 07, 2025
- Modified: Mar. 07, 2025
- Vuln Type: Memory Corruption
-
2.1
LOWCVE-2011-3212
CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk d... Read more
- EPSS Score: %0.11
- Published: Oct. 14, 2011
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2011-2977
Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files. NOTE: thi... Read more
- EPSS Score: %0.07
- Published: Aug. 09, 2011
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2025-21085
PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization.... Read more
Affected Products : pingfederate- Published: Jun. 15, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Denial of Service
-
2.1
LOWCVE-2015-5864
IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.... Read more
- EPSS Score: %0.10
- Published: Oct. 09, 2015
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2024-42193
HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this vulnerability ... Read more
Affected Products : bigfix_platform- Published: Apr. 15, 2025
- Modified: Apr. 16, 2025
- Vuln Type: Misconfiguration
-
2.1
LOWCVE-2015-2454
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows l... Read more
Affected Products : windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_vista windows_8 windows_rt- EPSS Score: %1.04
- Published: Aug. 15, 2015
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-1999-0424
talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.... Read more
Affected Products : communicator- EPSS Score: %0.12
- Published: Mar. 18, 1999
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2013-0985
Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line.... Read more
- EPSS Score: %0.05
- Published: Jun. 05, 2013
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2013-1764
The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.... Read more
Affected Products : packagekit- EPSS Score: %0.06
- Published: Apr. 16, 2014
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2010-0530
Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory.... Read more
- EPSS Score: %0.11
- Published: Dec. 09, 2010
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2013-4331
Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file.... Read more
Affected Products : lightdm- EPSS Score: %0.04
- Published: Feb. 02, 2014
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2010-1149
probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a ... Read more
Affected Products : udisks- EPSS Score: %0.04
- Published: Apr. 12, 2010
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2013-4292
libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.... Read more
Affected Products : libvirt- EPSS Score: %0.07
- Published: Sep. 30, 2013
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2013-5162
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.... Read more
Affected Products : iphone_os- EPSS Score: %0.06
- Published: Oct. 24, 2013
- Modified: Apr. 11, 2025