Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2025-03-16 CVE-2025-2352 A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0.
network
low complexity
CWE-94
2.4
2025-03-16 CVE-2025-2349 A vulnerability was found in IROAD Dash Cam FX2 up to 20250308.
high complexity
CWE-916
3.1
2025-03-16 CVE-2025-2341 A vulnerability was found in IROAD Dash Cam X5 up to 20250203.
high complexity
3.1
2025-03-16 CVE-2025-2340 A vulnerability was found in otale Tale Blog 2.0.5.
network
low complexity
CWE-94
2.4
2025-03-16 CVE-2025-2335 A vulnerability classified as problematic was found in Drivin Soluções up to 20250226.
network
low complexity
CWE-94
3.5
2025-03-15 CVE-2025-2157 A flaw was found in Foreman/Red Hat Satellite.
local
low complexity
CWE-922
3.3
2025-03-12 CVE-2025-21851 Improper Locking vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arena_map_free on 64k page kernel On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y, arena_htab tests cause a segmentation fault and soft lockup. The same failure is not observed with 4k pages on aarch64. It turns out arena_map_free() is calling apply_to_existing_page_range() with the address returned by bpf_arena_get_kern_vm_start().
local
low complexity
linux CWE-667
3.3
2025-03-12 CVE-2025-21860 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: mm/zswap: fix inconsistency when zswap_store_page() fails Commit b7c0ccdfbafd ("mm: zswap: support large folios in zswap_store()") skips charging any zswap entries when it failed to zswap the entire folio. However, when some base pages are zswapped but it failed to zswap the entire folio, the zswap operation is rolled back.
local
low complexity
linux
3.3
2025-03-12 CVE-2024-13838 Server-Side Request Forgery (SSRF) vulnerability in Uncannyowl Uncanny Automator
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'call_webhook' method of the Automator_Send_Webhook class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
network
low complexity
uncannyowl CWE-918
3.8
2025-03-11 CVE-2025-2212 A vulnerability was found in Castlenet CBW383G2N up to 20250301.
network
low complexity
CWE-94
2.4