Latest CVE Feed
-
4.1
MEDIUMCVE-2024-26652
In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_rele... Read more
Affected Products : linux_kernel- Published: Mar. 27, 2024
- Modified: Apr. 08, 2025
-
4.1
MEDIUMCVE-2024-29435
An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter.... Read more
Affected Products : alldata- Published: Apr. 01, 2024
- Modified: May. 07, 2025
-
4.1
MEDIUMCVE-2024-1544
Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by d... Read more
Affected Products : wolfssl- Published: Aug. 27, 2024
- Modified: Aug. 28, 2024
-
4.1
MEDIUMCVE-2024-37663
Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.... Read more
- Published: Jun. 17, 2024
- Modified: Jul. 09, 2025
-
4.1
MEDIUMCVE-2020-25284
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.... Read more
- Published: Sep. 13, 2020
- Modified: Nov. 21, 2024
-
4.1
MEDIUMCVE-2016-8017
Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input.... Read more
Affected Products : virusscan_enterprise- Published: Mar. 14, 2017
- Modified: Apr. 20, 2025
-
4.1
MEDIUMCVE-2024-30148
Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.... Read more
Affected Products :- Published: Apr. 24, 2025
- Modified: Apr. 29, 2025
- Vuln Type: Authorization
-
4.1
MEDIUMCVE-2019-1167
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'.... Read more
Affected Products : powershell_core- Published: Jul. 19, 2019
- Modified: Nov. 21, 2024
-
4.1
MEDIUMCVE-2023-44255
An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read e... Read more
- Published: Nov. 12, 2024
- Modified: Jan. 21, 2025
-
4.1
MEDIUMCVE-2024-9828
The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks... Read more
Affected Products : taskbuilder- Published: Nov. 21, 2024
- Modified: May. 15, 2025
-
4.1
MEDIUMCVE-2025-42935
The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to... Read more
Affected Products :- Published: Aug. 12, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Information Disclosure
-
4.1
MEDIUMCVE-2025-48470
Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, o... Read more
Affected Products : wise-4060lan_firmware wise-4060lan wise-4050lan_firmware wise-4050lan wise-4010lan_firmware wise-4010lan- Published: Jun. 24, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Cross-Site Scripting
-
4.1
MEDIUMCVE-2025-4573
Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execut... Read more
Affected Products : mattermost_server- Published: Jun. 11, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Injection
-
4.1
MEDIUMCVE-2023-50786
Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows ... Read more
Affected Products : dradis- Published: Jul. 05, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Information Disclosure
-
4.1
MEDIUMCVE-2007-1345
Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password res... Read more
- Published: Mar. 10, 2007
- Modified: Apr. 09, 2025
-
4.1
MEDIUMCVE-2007-0161
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifyi... Read more
Affected Products : color_laserjet_4650 pml_driver_hpz12 officejet_4100 officejet_5100 officejet_5500 officejet_6100 officejet_7100 officejet_d officejet_g officejet_k +11 more products- Published: Jan. 10, 2007
- Modified: Apr. 09, 2025
-
4.1
MEDIUMCVE-2024-33748
Cross-site scripting (XSS) vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.13.4 and earlier.... Read more
Affected Products :- Published: May. 07, 2024
- Modified: Nov. 21, 2024
-
4.1
MEDIUMCVE-2024-51992
Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform... Read more
Affected Products :- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
4.1
MEDIUMCVE-2025-30345
An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML ent... Read more
Affected Products : openslides- Published: Mar. 21, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Cross-Site Scripting
-
4.1
MEDIUMCVE-2022-26888
Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access.... Read more
Affected Products : quartus_prime- Published: Feb. 16, 2023
- Modified: Nov. 21, 2024