Latest CVE Feed
-
3.3
LOWCVE-2025-43437
An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to fingerprint the user.... Read more
- Published: Dec. 12, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Information Disclosure
-
3.3
LOWCVE-2025-68469
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue.... Read more
Affected Products : imagemagick- Published: Dec. 18, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
3.3
LOWCVE-2025-55703
An error-based SQL injection vulnerability exists in the Sunbird Power IQ 9.2.0 API. The vulnerability is due to an outdated API endpoint that applied arrays without proper input validation. This can allow attackers to manipulate SQL queries. This has bee... Read more
Affected Products : power_iq- Published: Dec. 15, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
3.3
LOWCVE-2025-13321
Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading t... Read more
- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
3.3
LOWCVE-2025-43522
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3. An app may be able to access user-sensitive data.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Information Disclosure
-
3.3
LOWCVE-2025-14407
Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit t... Read more
Affected Products : soda_pdf_desktop- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
3.3
LOWCVE-2023-29144
Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in some scenarios. This allows a bypass of detection.... Read more
Affected Products : malwarebytes- Published: Dec. 12, 2025
- Modified: Dec. 19, 2025
-
3.3
LOWCVE-2025-14410
Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit ... Read more
Affected Products : soda_pdf_desktop- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
3.3
LOWCVE-2026-0747
Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for ex... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Information Disclosure
-
3.3
LOWCVE-2025-14411
Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit ... Read more
Affected Products : soda_pdf_desktop- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
3.2
LOWCVE-2025-68462
Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases.... Read more
Affected Products : freedombox- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
3.1
LOWCVE-2025-15119
A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A hig... Read more
- Published: Dec. 28, 2025
- Modified: Jan. 07, 2026
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-15123
A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack r... Read more
- Published: Dec. 28, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-15141
A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing manipulation can lead to information disclosure. The attack may be performed from remo... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
3.1
LOWCVE-2025-15122
A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to in... Read more
- Published: Dec. 28, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-15117
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack ... Read more
Affected Products : sa-token- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
3.1
LOWCVE-2025-67737
AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast installations. A u... Read more
Affected Products : azuracast- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Misconfiguration
-
3.1
LOWCVE-2025-43531
A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content m... Read more
- Published: Dec. 17, 2025
- Modified: Jan. 07, 2026
- Vuln Type: Race Condition
-
3.1
LOWCVE-2025-67739
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure... Read more
Affected Products : teamcity- Published: Dec. 11, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Information Disclosure
-
3.1
LOW- Published: Dec. 18, 2025
- Modified: Jan. 06, 2026