Latest CVE Feed
-
2.0
LOWCVE-2022-27049
Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed.... Read more
Affected Products : raidrive- EPSS Score: %0.14
- Published: Mar. 31, 2022
- Modified: Nov. 21, 2024
-
2.0
LOWCVE-2025-4655
SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 G... Read more
- Published: Aug. 09, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Server-Side Request Forgery
-
2.0
LOWCVE-2025-47824
Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code.... Read more
Affected Products :- Published: Jun. 27, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Cryptography
-
2.0
LOWCVE-2025-22274
It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multip... Read more
Affected Products :- Published: Feb. 28, 2025
- Modified: Mar. 05, 2025
- Vuln Type: Cross-Site Scripting
-
2.0
LOWCVE-2025-8573
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concr... Read more
- Published: Aug. 05, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Cross-Site Scripting
-
2.0
LOWCVE-2025-2922
A vulnerability classified as problematic was found in Netis WF-2404 1.1.124EN. Affected by this vulnerability is an unknown functionality of the component BusyBox Shell. The manipulation leads to cleartext storage of sensitive information. It is possible... Read more
Affected Products :- Published: Mar. 28, 2025
- Modified: Apr. 01, 2025
- Vuln Type: Information Disclosure
-
2.0
LOWCVE-2024-21105
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris exec... Read more
- Published: Apr. 16, 2024
- Modified: May. 08, 2025
-
2.0
LOWCVE-2025-4762
Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths an... Read more
Affected Products :- Published: May. 15, 2025
- Modified: May. 16, 2025
- Vuln Type: Authorization
-
2.0
LOWCVE-2025-24335
Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No practical exploit h... Read more
Affected Products :- Published: Jul. 02, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Denial of Service
-
2.0
LOWCVE-2024-12923
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vul... Read more
Affected Products : photo_station- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
2.0
LOWCVE-2025-52937
Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C. This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to... Read more
Affected Products :- Published: Jun. 23, 2025
- Modified: Jun. 23, 2025
-
2.0
LOWCVE-2025-4599
The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92 was ... Read more
- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Cross-Site Scripting
-
2.0
LOWCVE-2015-7511
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.... Read more
- EPSS Score: %0.06
- Published: Apr. 19, 2016
- Modified: Apr. 12, 2025
-
2.0
LOWCVE-2024-52286
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input (file name) and uses it directly in the creation of HTML pages allowing an... Read more
Affected Products : stirling_pdf- Published: Nov. 11, 2024
- Modified: Jan. 09, 2025
-
2.0
LOWCVE-2025-2864
SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).... Read more
Affected Products :- Published: Mar. 28, 2025
- Modified: Mar. 28, 2025
-
2.0
LOWCVE-2024-35196
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verificat... Read more
Affected Products : sentry- Published: May. 31, 2024
- Modified: Nov. 21, 2024
-
2.0
LOWCVE-2024-52008
Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces passwo... Read more
Affected Products : fides- Published: Nov. 26, 2024
- Modified: Nov. 26, 2024
-
2.0
LOWCVE-2023-26591
Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable denial of service via physical access.... Read more
Affected Products : thunderbolt_dch_driver- EPSS Score: %0.10
- Published: Feb. 14, 2024
- Modified: Nov. 21, 2024
-
2.0
LOWCVE-2024-1633
During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. For each image, the bl2 reads the image length and destination from the image’s certificate. Because of the way of reading from... Read more
Affected Products : rcar_gen3 arm-trusted-firmware arm-trusted-firmware r-car_d3e r-car_e3e r-car_h3e r-car_h3ne r-car_m3e r-car_m3ne r-car_v3h +2 more products- Published: Feb. 19, 2024
- Modified: Jan. 24, 2025
-
2.0
LOWCVE-2025-0138
Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access. Compute in Prisma Cloud Enterprise Edition is not aff... Read more
Affected Products : prisma_cloud_compute_edition- Published: May. 14, 2025
- Modified: May. 16, 2025
- Vuln Type: Authentication