Latest CVE Feed
-
3.7
LOWCVE-2025-68458
Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include user... Read more
Affected Products : webpack- Published: Feb. 05, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Server-Side Request Forgery
-
3.7
LOWCVE-2026-0976
A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can ... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Misconfiguration
-
3.6
LOWCVE-2026-2345
Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messagi... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
3.5
LOWCVE-2026-25764
OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with adm... Read more
Affected Products : openproject- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
3.5
LOWCVE-2026-0798
Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, pot... Read more
Affected Products : gitea- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Information Disclosure
-
3.5
LOWCVE-2025-1823
IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources.... Read more
Affected Products : jazz_reporting_service- Published: Feb. 04, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
3.5
LOWCVE-2026-24048
Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the `FetchUrlReader` ... Read more
Affected Products : backstage- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Server-Side Request Forgery
-
3.5
LOWCVE-2026-23738
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the ... Read more
Affected Products : asterisk- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
3.5
LOWCVE-2025-36411
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... Read more
Affected Products : applinx- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Request Forgery
-
3.5
LOWCVE-2025-2134
IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system's performance using complicated queries due to insufficient resource pooling.... Read more
Affected Products : jazz_reporting_service- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Denial of Service
-
3.5
LOWCVE-2025-14594
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline values by querying ... Read more
Affected Products : gitlab- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Information Disclosure
-
3.5
LOWCVE-2025-27550
IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server.... Read more
Affected Products : jazz_reporting_service- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Information Disclosure
-
3.4
LOWCVE-2026-23686
Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection... Read more
Affected Products : netweaver_application_server_java- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
3.3
LOWCVE-2026-20656
A logic issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, Safari 26.3, macOS Tahoe 26.3. An app may be able to access a user's Safari history.... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Information Disclosure
-
3.3
LOWCVE-2025-33030
Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable dat... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
3.3
LOWCVE-2026-20646
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information.... Read more
Affected Products : macos- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Information Disclosure
-
3.3
LOWCVE-2026-21249
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +6 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Path Traversal
-
3.3
LOWCVE-2025-31186
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences.... Read more
Affected Products : xcode- Published: Jan. 16, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
3.3
LOWCVE-2024-44210
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.... Read more
Affected Products : macos- Published: Jan. 16, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
3.3
LOWCVE-2026-20730
A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure