4.4

CVSS3.1

CVE-2024-40590 -

AnΒ improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-t…

πŸ“… Published: March 14, 2025, 3:02 p.m. πŸ”„ Last Modified: March 14, 2025, 6:02 p.m.

4.1

CVSS3.1

CVE-2024-45638 - IBM QRadar EDR information disclosure

IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.

πŸ“… Published: March 14, 2025, 2:49 p.m. πŸ”„ Last Modified: March 14, 2025, 6:50 p.m.

5.9

CVSS3.1

CVE-2024-45643 - IBM QRadar EDR information disclosure

IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.

πŸ“… Published: March 14, 2025, 2:49 p.m. πŸ”„ Last Modified: March 15, 2025, 3:55 a.m.

6.9

CVSS4.0

CVE-2025-2268 - HP LaserJet MFP M232-M237 Printer Series - Potential Denial of Service

The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP).

πŸ“… Published: March 14, 2025, 1:33 p.m. πŸ”„ Last Modified: March 14, 2025, 2:37 p.m.

8.7

CVSS4.0

CVE-2025-29776 - Azle calling `setTimer` causes infinite loop of timers

Azle is a WebAssembly runtime for TypeScript and JavaScript on ICP. Calling `setTimer` in Azle versions `0.27.0`, `0.28.0`, and `0.29.0` causes an immediate infinite loop of timers to be executed on the canister, each timer attempting to clean up the global state of the previous timer. The infinite…

πŸ“… Published: March 14, 2025, 1:13 p.m. πŸ”„ Last Modified: March 15, 2025, 8:49 p.m.

9.8

CVSS3.1

CVE-2025-2000 - Qiskit SDK code execution

A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embed…

πŸ“… Published: March 14, 2025, 1:04 p.m. πŸ”„ Last Modified: March 15, 2025, 3:55 a.m.

9.8

CVSS3.1

CVE-2025-27595 - Weak hashing alghrythm

The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.

πŸ“… Published: March 14, 2025, 12:53 p.m. πŸ”„ Last Modified: March 14, 2025, 1:35 p.m.

7.5

CVSS3.1

CVE-2025-27594 - Unencrypted transmission of password hash

The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack.

πŸ“… Published: March 14, 2025, 12:50 p.m. πŸ”„ Last Modified: March 14, 2025, 1:35 p.m.

6.5

CVSS3.1

CVE-2025-26626 - GLPI Inventory Plugin vulnerable to reflective Cross-site Scripting

The GLPI Inventory Plugin handles various types of tasks for GLPI agents for the GLPI asset and IT management software package. Versions prior to 1.5.0 are vulnerable to reflective cross-site scripting, which may lead to executing javascript code. Version 1.5.0 fixes the issue.

πŸ“… Published: March 14, 2025, 12:47 p.m. πŸ”„ Last Modified: March 14, 2025, 1:36 p.m.

9.3

CVSS3.1

CVE-2025-27593 - RCE due to Device Driver

The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.

πŸ“… Published: March 14, 2025, 12:46 p.m. πŸ”„ Last Modified: March 14, 2025, 1:36 p.m.
Total resulsts: 285451
Page 18 of 28,546
Β« previous page Β» next page
Filters