Latest CVE Feed
-
3.3
LOWCVE-2025-14407
Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit t... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption
-
3.3
LOWCVE-2025-13321
Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading t... Read more
- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
3.3
LOWCVE-2025-66546
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1.... Read more
- Published: Dec. 05, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authentication
-
3.3
LOWCVE-2023-29144
Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in some scenarios. This allows a bypass of detection.... Read more
Affected Products : malwarebytes- Published: Dec. 12, 2025
- Modified: Dec. 19, 2025
-
3.3
LOWCVE-2025-43516
A session management issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. A user with Voice Control enabled may be able to transcribe another user's activity.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Authentication
-
3.3
LOWCVE-2025-43518
A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3. An app may be able to inappropriately access files through the spellcheck API.... Read more
- Published: Dec. 12, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Authorization
-
3.3
LOWCVE-2025-60912
phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump down... Read more
Affected Products : phpipam- Published: Dec. 08, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Cross-Site Request Forgery
-
3.3
LOWCVE-2025-14421
pdfforge PDF Architect PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of pdfforge PDF Architect. User interaction is required... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Information Disclosure
-
3.3
LOWCVE-2025-40818
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This c... Read more
Affected Products : sinema_remote_connect_server- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Cryptography
-
3.3
LOWCVE-2025-14411
Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit ... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Information Disclosure
-
3.2
LOWCVE-2025-68462
Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases.... Read more
Affected Products : freedombox- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
3.2
LOWCVE-2025-59696
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board.... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Misconfiguration
-
3.1
LOWCVE-2025-15122
A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to in... Read more
Affected Products : jeecgboot- Published: Dec. 28, 2025
- Modified: Dec. 28, 2025
- Vuln Type: Authorization
-
3.1
LOW- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
-
3.1
LOWCVE-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.... Read more
Affected Products : gitea- Published: Dec. 26, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-67739
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure... Read more
Affected Products : teamcity- Published: Dec. 11, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Information Disclosure
-
3.1
LOWCVE-2025-15124
A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. ... Read more
Affected Products : jeecgboot- Published: Dec. 28, 2025
- Modified: Dec. 28, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-15125
A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departId results in improper authorization. The attack can be ... Read more
Affected Products : jeecgboot- Published: Dec. 28, 2025
- Modified: Dec. 28, 2025
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-62690
Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab.... Read more
Affected Products : mattermost_server- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Misconfiguration
-
3.1
LOWCVE-2025-12997
Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information.... Read more
Affected Products : carelink_network- Published: Dec. 04, 2025
- Modified: Dec. 22, 2025
- Vuln Type: Authorization