Latest CVE Feed
-
2.3
LOWCVE-2026-22714
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
2.3
LOWCVE-2026-22710
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Wikibase Extension: 1.45,... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
2.3
LOWCVE-2026-22713
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - GrowthExperiment... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
2.3
LOWCVE-2026-22712
Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.4... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Injection
-
2.3
LOWCVE-2025-46643
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through ... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
2.2
LOWCVE-2026-0682
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio_url' parameter. This makes it possible for authenticated att... Read more
Affected Products : church_admin- Published: Jan. 17, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Server-Side Request Forgery
-
2.1
LOWCVE-2026-23847
SiYuan is a personal knowledge management system. Versions prior to 3.5.4 are vulnerable to reflected cross-site scripting in /api/icon/getDynamicIcon due to unsanitized SVG input. The endpoint generates SVG images for text icons (type=8). The content que... Read more
Affected Products : siyuan- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
2.1
LOWCVE-2026-22805
Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured resources. This v... Read more
Affected Products : metabase- Published: Jan. 12, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Misconfiguration
-
2.0
LOWCVE-2026-1409
A security vulnerability has been detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper restriction of excessive authentication attempts. It is ... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
2.0
LOWCVE-2026-21437
eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could include files that are not tracked by `eopkg`. This requires the installation of a package from a malicious or compromised source. Files in such... Read more
Affected Products :- Published: Jan. 01, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Misconfiguration
-
2.0
LOWCVE-2026-1407
A security flaw has been discovered in Beetel 777VR1 up to 01.00.09/01.00.09_55. This affects an unknown part of the component UART Interface. Performing a manipulation results in information disclosure. The attack may be carried out on the physical devic... Read more
Affected Products :- Published: Jan. 25, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
2.0
LOWCVE-2026-1408
A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This vulnerability affects unknown code of the component UART Interface. Executing a manipulation can lead to weak password requirements. The physical device can be targeted for t... Read more
Affected Products :- Published: Jan. 25, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
1.9
LOWCVE-2025-11961
pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly do... Read more
Affected Products : libpcap- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
1.9
LOWCVE-2025-11964
On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer.... Read more
Affected Products : libpcap- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Misconfiguration
-
1.8
LOWCVE-2025-12776
The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting (XSS) attack. Proper management of this functionality helps ensure a secur... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
1.8
LOWCVE-2026-1225
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configurati... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
1.8
LOWCVE-2025-55250
HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks.... Read more
Affected Products :- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
1.7
LOWCVE-2026-23833
ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used.... Read more
Affected Products : esphome_firmware- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
1.3
LOWCVE-2025-12738
Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows attacker without read access to a property to inf... Read more
Affected Products : enterprise_edition- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
1.3
LOWCVE-2025-14986
When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationReques... Read more
Affected Products : temporal- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization