Latest CVE Feed
-
2.0
LOWCVE-2024-52286
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input (file name) and uses it directly in the creation of HTML pages allowing an... Read more
Affected Products : stirling_pdf- Published: Nov. 11, 2024
- Modified: Jan. 09, 2025
-
2.0
LOWCVE-2025-52937
Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C. This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to... Read more
Affected Products :- Published: Jun. 23, 2025
- Modified: Jun. 23, 2025
-
2.0
LOWCVE-2024-3995
In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins.... Read more
Affected Products : helix_alm- Published: Jun. 28, 2024
- Modified: Nov. 21, 2024
-
2.0
LOWCVE-2024-53274
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `home.vue` containsa reflected XSS vulnerability due to an incorrect sanitization function. An attacke... Read more
Affected Products :- Published: Dec. 12, 2024
- Modified: Dec. 12, 2024
-
2.0
LOWCVE-2025-0138
Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access. Compute in Prisma Cloud Enterprise Edition is not aff... Read more
Affected Products : prisma_cloud_compute_edition- Published: May. 14, 2025
- Modified: May. 16, 2025
- Vuln Type: Authentication
-
2.0
LOWCVE-2024-12014
Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.... Read more
Affected Products :- Published: Dec. 20, 2024
- Modified: May. 20, 2025
-
2.0
LOWCVE-2022-26328
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText Performance Center on Windows allows Cross-Site Scripting (XSS).This issue affects Performance Center: 12.63.... Read more
Affected Products :- Published: Aug. 21, 2024
- Modified: Aug. 21, 2024
-
2.0
LOWCVE-2025-1243
The Temporal api-go library prior to version 1.44.1 did not send `update response` information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within ... Read more
Affected Products :- Published: Feb. 12, 2025
- Modified: Feb. 12, 2025
- Vuln Type: Misconfiguration
-
2.0
LOWCVE-2023-26591
Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable denial of service via physical access.... Read more
Affected Products : thunderbolt_dch_driver- EPSS Score: %0.10
- Published: Feb. 14, 2024
- Modified: Nov. 21, 2024
-
2.0
LOWCVE-2023-45706
An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration. ... Read more
Affected Products : bigfix_platform- Published: Mar. 28, 2024
- Modified: Nov. 21, 2024
-
2.0
LOWCVE-2024-1633
During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. For each image, the bl2 reads the image length and destination from the image’s certificate. Because of the way of reading from... Read more
Affected Products : rcar_gen3 arm-trusted-firmware arm-trusted-firmware r-car_d3e r-car_e3e r-car_h3e r-car_h3ne r-car_m3e r-car_m3ne r-car_v3h +2 more products- Published: Feb. 19, 2024
- Modified: Jan. 24, 2025
-
2.0
LOWCVE-2022-27049
Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed.... Read more
Affected Products : raidrive- EPSS Score: %0.14
- Published: Mar. 31, 2022
- Modified: Nov. 21, 2024
-
2.0
LOWCVE-2024-21105
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris exec... Read more
- Published: Apr. 16, 2024
- Modified: May. 08, 2025
-
2.0
LOWCVE-2025-8573
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concr... Read more
- Published: Aug. 05, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Cross-Site Scripting
-
2.0
LOWCVE-2025-47820
Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.... Read more
Affected Products :- Published: Jun. 27, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Cryptography
-
2.0
LOWCVE-2025-5941
Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successful exploitation may require administrative privileges on the machine, based ... Read more
Affected Products : netskope- Published: Aug. 14, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
2.0
LOWCVE-2025-22274
It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multip... Read more
Affected Products :- Published: Feb. 28, 2025
- Modified: Mar. 05, 2025
- Vuln Type: Cross-Site Scripting
-
2.0
LOWCVE-2025-4599
The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92 was ... Read more
- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Cross-Site Scripting
-
2.0
LOWCVE-2015-7511
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.... Read more
- EPSS Score: %0.06
- Published: Apr. 19, 2016
- Modified: Apr. 12, 2025
-
2.0
LOWCVE-2025-2920
A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /еtc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical dev... Read more
Affected Products :- Published: Mar. 28, 2025
- Modified: Apr. 01, 2025
- Vuln Type: Cryptography