Total
654 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32783 | 2025-04-17 | 4.7 Medium | ||
| XWiki Platform is a generic wiki platform. A vulnerability in versions from 5.0 to 16.7.1 affects users with Message Stream enabled and a wiki configured as closed from selecting "Prevent unregistered users to view pages" in the Administrations Rights. The vulnerability is that any message sent in a subwiki to "everyone" is actually sent to the farm: any visitor of the main wiki will be able to see that message through the Dashboard, even if the subwiki is configured to be private. This issue will not be patched as Message Stream has been deprecated in XWiki 16.8.0RC1 and is not maintained anymore. A workaround for this issue involves keeping Message Stream disabled by default. It's advised to keep it disabled from Administration > Social > Message Stream. | ||||
| CVE-2025-3651 | 2025-04-17 | N/A | ||
| Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to execute arbitrary commands via unauthorized access to the Agent service. This has been remediated in Work Desktop for Mac version 10.8.2.33. | ||||
| CVE-2021-27424 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2025-04-16 | 5.3 Medium |
| GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information. | ||||
| CVE-2022-1467 | 1 Aveva | 2 Intouch Access Anywhere, Plant Scada Access Anywhere | 2025-04-16 | 7.4 High |
| Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS. | ||||
| CVE-2023-38994 | 1 Univention | 1 Univention Corporate Server | 2025-04-15 | 7.9 High |
| The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users. | ||||
| CVE-2025-32428 | 2025-04-15 | N/A | ||
| Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy were still accessible via the network. This vulnerability does not affect users having TurboVNC as the vncserver executable. This issue is fixed in 3.0.1. | ||||
| CVE-2022-38474 | 1 Mozilla | 1 Firefox | 2025-04-15 | 4.3 Medium |
| A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted.<br />*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 104. | ||||
| CVE-2020-36532 | 1 Klapp | 1 App | 2025-04-15 | 4.3 Medium |
| A vulnerability has been found in Klapp App and classified as problematic. This vulnerability affects unknown code of the component Authorization. The manipulation leads to information disclosure (Credentials). The attack can be initiated remotely. It is recommended to upgrade the affected app. | ||||
| CVE-2022-3952 | 1 Manydesigns | 1 Portofino | 2025-04-15 | 2.6 Low |
| A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address this issue. The name of the patch is 94653cb357806c9cf24d8d294e6afea33f8f0775. It is recommended to upgrade the affected component. The identifier VDB-213457 was assigned to this vulnerability. | ||||
| CVE-2023-36429 | 1 Microsoft | 1 Dynamics 365 | 2025-04-14 | 6.5 Medium |
| Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | ||||
| CVE-2023-36596 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1809, Windows 10 21h1 and 7 more | 2025-04-14 | 7.5 High |
| Remote Procedure Call Information Disclosure Vulnerability | ||||
| CVE-2022-45895 | 1 Planetestream | 1 Planet Estream | 2025-04-14 | 6.5 Medium |
| Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure). | ||||
| CVE-2019-9011 | 1 Pilz | 1 Pmc | 2025-04-14 | 5.3 Medium |
| In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames. | ||||
| CVE-2016-5334 | 1 Vmware | 2 Identity Manager, Vrealize Automation | 2025-04-12 | 5.3 Medium |
| VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. | ||||
| CVE-2016-5787 | 1 Ge | 1 Cimplicity | 2025-04-12 | 6.3 Medium |
| General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. | ||||
| CVE-2015-10004 | 1 Json Web Token Project | 1 Json Web Token | 2025-04-11 | 7.5 High |
| Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC. | ||||
| CVE-2022-48198 | 2 Ntpd Driver Project, Openrobotics | 2 Ntpd Driver, Robot Operating System | 2025-04-11 | 9.8 Critical |
| The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled time_ref_topic parameter. | ||||
| CVE-2013-4480 | 2 Redhat, Suse | 5 Network Satellite, Satellite, Satellite With Embedded Oracle and 2 more | 2025-04-11 | N/A |
| Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. | ||||
| CVE-2011-1258 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | N/A |
| Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." | ||||
| CVE-2012-1846 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." | ||||