Latest CVE Feed
-
3.5
LOWCVE-2025-11203
LiteLLM Information health API_KEY Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LiteLLM. Authentication is required to exploit this vulnerability. The spec... Read more
Affected Products : litellm- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Information Disclosure
-
3.5
LOWCVE-2025-64744
OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is... Read more
Affected Products : openobserve- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Cross-Site Scripting
-
3.4
LOWCVE-2025-13015
Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 13, 2025
-
3.3
LOWCVE-2025-63396
An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).... Read more
Affected Products :- Published: Nov. 12, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Denial of Service
-
3.3
LOWCVE-2025-21077
Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege.... Read more
Affected Products : email- Published: Nov. 05, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Authorization
-
3.3
LOWCVE-2025-5496
ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.... Read more
Affected Products : manageengine_endpoint_central- Published: Oct. 21, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Misconfiguration
-
3.3
LOWCVE-2025-60361
radare2 v5.9.8 and before contains a memory leak in the function bochs_open.... Read more
Affected Products : radare2- Published: Oct. 17, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Memory Corruption
-
3.3
LOWCVE-2025-43395
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access protected user data.... Read more
Affected Products : macos- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Path Traversal
-
3.3
LOWCVE-2025-25216
Improper input validation in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity atta... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Denial of Service
-
3.3
LOWCVE-2025-46370
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Process Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Information Disclosure
-
3.1
LOWCVE-2025-12918
A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument in... Read more
Affected Products :- Published: Nov. 09, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE pr... Read more
Affected Products : postgresql- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-11219
Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Low)... Read more
- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Memory Corruption
-
3.1
LOWCVE-2025-64686
In JetBrains YouTrack before 2025.3.104432 missing user principal cleanup led to reuse of incorrect authorization context... Read more
Affected Products : youtrack- Published: Nov. 10, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-8850
In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This... Read more
Affected Products : librechat- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authentication
-
3.1
LOWCVE-2025-41436
Mattermost versions <11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads... Read more
Affected Products : mattermost_server- Published: Nov. 14, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-8998
It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account.... Read more
Affected Products : axis_os- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Denial of Service
-
3.1
LOWCVE-2025-12623
A vulnerability was identified in fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032. Affected by this issue is some unknown functionality of the file fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController... Read more
Affected Products :- Published: Nov. 03, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-62711
Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a ... Read more
Affected Products : wasmtime- Published: Oct. 24, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Memory Corruption
-
3.1
LOWCVE-2025-23050
QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2.... Read more
Affected Products : qt- Published: Oct. 31, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Memory Corruption