Latest CVE Feed
-
7.8
HIGHCVE-2024-11611
AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is require... Read more
- Published: Jan. 30, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-11610
AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is require... Read more
- Published: Jan. 30, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-11609
AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction ... Read more
- Published: Jan. 30, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Memory Corruption
-
8.6
HIGHCVE-2025-24802
Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always include the 0 -> 0 input-output pair. Thus a malicious prover can always prove that f(0) = 0 ... Read more
Affected Products :- Published: Jan. 30, 2025
- Modified: Jan. 30, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-0147
Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access.... Read more
Affected Products : meeting_software_development_kit video_software_development_kit workplace_desktop- Published: Jan. 30, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Authorization
-
5.0
MEDIUMCVE-2025-0146
Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access.... Read more
- Published: Jan. 30, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-0145
Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.... Read more
- Published: Jan. 30, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-0144
Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.... Read more
- Published: Jan. 30, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-0143
Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access.... Read more
Affected Products : meeting_software_development_kit video_software_development_kit workplace_desktop- Published: Jan. 30, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Denial of Service
-
4.3
MEDIUMCVE-2025-0142
Cleartext storage of sensitive information in the Zoom Jenkins Marketplace plugin before version 1.4 may allow an authenticated user to conduct a disclosure of information via network access.... Read more
Affected Products :- Published: Jan. 30, 2025
- Modified: Jan. 30, 2025
- Vuln Type: Information Disclosure
-
6.9
MEDIUMCVE-2024-10604
Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances... Read more
Affected Products : fuchsia- Published: Jan. 30, 2025
- Modified: Jul. 29, 2025
- Vuln Type: Cryptography
-
6.3
MEDIUMCVE-2024-10603
Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.... Read more
Affected Products : gvisor- Published: Jan. 30, 2025
- Modified: Jul. 29, 2025
- Vuln Type: Misconfiguration
-
6.3
MEDIUMCVE-2024-10026
A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances.... Read more
Affected Products : gvisor- Published: Jan. 30, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Cryptography
-
8.9
HIGHCVE-2025-24507
This vulnerability allows appliance compromise at boot time.... Read more
Affected Products : symantec_privileged_access_management- Published: Jan. 30, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-24506
A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types.... Read more
Affected Products : symantec_privileged_access_management- Published: Jan. 30, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-24505
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file.... Read more
Affected Products : symantec_privileged_access_management- Published: Jan. 30, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-24504
An improper input validation the CSRF filter results in unsanitized user input written to the application logs.... Read more
Affected Products : symantec_privileged_access_management- Published: Jan. 30, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Cross-Site Request Forgery
-
9.3
CRITICALCVE-2025-24503
A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server.... Read more
Affected Products : symantec_privileged_access_management- Published: Jan. 30, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-24502
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address.... Read more
Affected Products : symantec_privileged_access_management- Published: Jan. 30, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-24501
An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request.... Read more
Affected Products : symantec_privileged_access_management- Published: Jan. 30, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Misconfiguration