Latest CVE Feed
-
3.7
LOWCVE-2026-0988
A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an i... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
3.7
LOWCVE-2026-0633
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0. This is due to the use of a forgeable cookie value derived only fro... Read more
Affected Products : metform_elementor_contact_form_builder- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
3.7
LOWCVE-2026-26013
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages() method fetches arbitrary image_url values without validation when computing token counts for vision-enabled models. T... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Server-Side Request Forgery
-
3.7
LOWCVE-2026-23522
LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, `knowledgeBase.removeFilesFromKnowledgeBase` tRPC ep allows authenticated users to delete files from any knowledge base without verifying ownership. `userId` filter in ... Read more
Affected Products : lobe_chat- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
3.7
LOWCVE-2026-0989
A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas ca... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Denial of Service
-
3.7
LOWCVE-2025-14592
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitt... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
3.7
LOWCVE-2026-0976
A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can ... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Misconfiguration
-
3.7
LOWCVE-2025-68458
Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include user... Read more
Affected Products : webpack- Published: Feb. 05, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Server-Side Request Forgery
-
3.7
LOWCVE-2025-15323
Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.... Read more
- Published: Feb. 05, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Misconfiguration
-
3.7
LOWCVE-2026-25224
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStre... Read more
Affected Products : fastify- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
3.7
LOWCVE-2026-23996
FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key(). The method applied a random delay only on verification failures, allowing an attacker to statistica... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
3.6
LOWCVE-2026-2345
Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messagi... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
3.6
LOWCVE-2025-54155
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or proce... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
3.6
LOWCVE-2025-54161
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or proce... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
3.6
LOWCVE-2025-57711
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or proces... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
3.6
LOWCVE-2025-57710
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or proces... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
3.5
LOWCVE-2025-14594
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline values by querying ... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Information Disclosure
-
3.5
LOWCVE-2026-23738
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the ... Read more
Affected Products : asterisk- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
3.5
LOWCVE-2025-36411
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... Read more
Affected Products : applinx- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Request Forgery
-
3.5
LOWCVE-2026-0798
Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, pot... Read more
Affected Products : gitea- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Information Disclosure