8.8

CVSS3.1

CVE-2025-47773 - Combodo iTop has XSS vulnerability in /pages/ajax.render.php

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content.

📅 Published: Nov. 10, 2025, 7:13 p.m. 🔄 Last Modified: Nov. 21, 2025, 9:13 p.m.

5.9

CVSS3.1

CVE-2025-43723 -

Dell PowerScale OneFS, versions prior to 9.10.1.3 and versions 9.11.0.0 through 9.12.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

📅 Published: Nov. 10, 2025, 7:10 p.m. 🔄 Last Modified: Feb. 20, 2026, 6:38 p.m.

8.6

CVSS4.0

CVE-2025-47286 - Combodo iTop vulnerable to Remote Code Execution in the backup creation functionality

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by editing the configuration of the iTop instance, execute code on the server. Versions 2.7.13 and 3.2.2 escape and check the config parameter before executing a command based on it.

📅 Published: Nov. 10, 2025, 6:38 p.m. 🔄 Last Modified: Nov. 21, 2025, 9:15 p.m.

8.6

CVSS4.0

CVE-2025-12967 -

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. We recommend customers u…

📅 Published: Nov. 10, 2025, 6:09 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.3

CVSS3.1

CVE-2025-43079 - Local Privilege Escalation via qagent_uninstall.sh Qualys Cloud Agents

The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privilege…

📅 Published: Nov. 10, 2025, 5:10 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.3

CVSS3.1

CVE-2025-46430 -

Dell Display and Peripheral Manager, versions prior to 2.1.2.12, contains an Execution with Unnecessary Privileges vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

📅 Published: Nov. 10, 2025, 3:59 p.m. 🔄 Last Modified: Feb. 26, 2026, 5:47 p.m.

9.1

CVSS3.1

CVE-2025-12480 -

Triofox versions prior to 16.7.10368.56560 are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.

📅 Published: Nov. 10, 2025, 2:20 p.m. 🔄 Last Modified: Feb. 26, 2026, 5:47 p.m.

4.2

CVSS3.1

CVE-2025-64457 -

In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition

📅 Published: Nov. 10, 2025, 1:28 p.m. 🔄 Last Modified: Feb. 26, 2026, 5:47 p.m.

8.4

CVSS3.1

CVE-2025-64456 -

In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation

📅 Published: Nov. 10, 2025, 1:28 p.m. 🔄 Last Modified: Feb. 26, 2026, 5:47 p.m.

5.4

CVSS3.1

CVE-2025-64690 -

In JetBrains YouTrack before 2025.3.104432 insecure Junie configuration could lead to data exposure and unauthorized changes

📅 Published: Nov. 10, 2025, 1:28 p.m. 🔄 Last Modified: Nov. 21, 2025, 4:13 p.m.