Latest CVE Feed
-
3.3
LOWCVE-2025-43522
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3. An app may be able to access user-sensitive data.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Information Disclosure
-
3.3
LOWCVE-2025-5467
It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.... Read more
Affected Products : apport- Published: Dec. 10, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Misconfiguration
-
3.3
LOWCVE-2023-29144
Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in some scenarios. This allows a bypass of detection.... Read more
Affected Products : malwarebytes- Published: Dec. 12, 2025
- Modified: Dec. 19, 2025
-
3.3
LOWCVE-2025-60912
phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump down... Read more
Affected Products : phpipam- Published: Dec. 08, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Cross-Site Request Forgery
-
3.3
LOWCVE-2025-40818
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This c... Read more
Affected Products : sinema_remote_connect_server- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Cryptography
-
3.3
LOWCVE-2025-14421
pdfforge PDF Architect PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of pdfforge PDF Architect. User interaction is required... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
3.2
LOWCVE-2025-59696
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board.... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Misconfiguration
-
3.2
LOWCVE-2025-68462
Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases.... Read more
Affected Products : freedombox- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
3.1
LOWCVE-2025-15119
A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A hig... Read more
Affected Products : jeecgboot- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.... Read more
Affected Products : gitea- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-15141
A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing manipulation can lead to information disclosure. The attack may be performed from remo... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
3.1
LOWCVE-2025-67737
AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast installations. A u... Read more
Affected Products : azuracast- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Misconfiguration
-
3.1
LOWCVE-2025-15123
A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack r... Read more
Affected Products : jeecgboot- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-15126
A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argument positionId causes improper authorization. The atta... Read more
Affected Products : jeecgboot- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-67739
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure... Read more
Affected Products : teamcity- Published: Dec. 11, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Information Disclosure
-
3.1
LOWCVE-2025-15120
A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper authorization. The attack is possible to be carried out rem... Read more
Affected Products : jeecgboot- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-15117
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack ... Read more
Affected Products : sa-token- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
3.1
LOWCVE-2025-15122
A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to in... Read more
Affected Products : jeecgboot- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
3.1
LOW- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
-
3.1
LOWCVE-2025-12997
Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information.... Read more
Affected Products : carelink_network- Published: Dec. 04, 2025
- Modified: Dec. 22, 2025
- Vuln Type: Authorization