7.3

CVSS3.1

CVE-2025-59273 - Azure Event Grid System Elevation of Privilege Vulnerability

Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.

📅 Published: Oct. 23, 2025, 9:17 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:57 p.m.

7.7

CVSS3.1

CVE-2025-59500 - Azure Notification Service Elevation of Privilege Vulnerability

Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network.

📅 Published: Oct. 23, 2025, 9:07 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:57 p.m.

8.8

CVSS4.0

CVE-2025-12100 - MongoDB BI Connector ODBC driver installation via MSI may leave ACLs unset on custom installation d…

Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation. This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6.

📅 Published: Oct. 23, 2025, 9:02 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2025-57848 - Container-native-virtualization: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, ev…

📅 Published: Oct. 23, 2025, 7:55 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.9

CVSS3.1

CVE-2025-62517 - Rollbar.js Prototype Pollution Vulnerability in merge()

Rollbar.js offers error tracking and logging from JavaScript to Rollbar. In versions before 2.26.5 and from 3.0.0-alpha1 to before 3.0.0-beta5, there is a prototype pollution vulnerability in merge(). If application code calls rollbar.configure() with untrusted input, prototype pollution is possibl…

📅 Published: Oct. 23, 2025, 7:52 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.4

CVSS4.0

CVE-2025-58428 - Command Injection in Veeder-Root TLS4B Automatic Tank Gauge System

The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. This could allow the attacker to achieve remote co…

📅 Published: Oct. 23, 2025, 7:49 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.1

CVSS4.0

CVE-2025-55067 - Integer Overflow or Wraparound in Veeder-Root TLS4B Automatic Tank Gauge System

The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover. When the system clock reaches January 19, 2038, it resets to December 13, 1901, causing authentication failures and disrupting core system functionalities such as login access, history v…

📅 Published: Oct. 23, 2025, 7:39 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-62236 - Frontier Airlines publicly available email address validation

The Frontier Airlines website has a publicly available endpoint that validates whether an email address is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks.

📅 Published: Oct. 23, 2025, 7:31 p.m. 🔄 Last Modified: Dec. 31, 2025, 2:34 a.m.

7.5

CVSS3.1

CVE-2025-12044 - Vault Vulnerable to Denial of Service Due to Rate Limit Regression

Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/7639…

📅 Published: Oct. 23, 2025, 7:15 p.m. 🔄 Last Modified: Dec. 23, 2025, 8:26 p.m.

8.1

CVSS3.1

CVE-2025-11621 - Vault AWS auth method bypass due to AWS client cache

Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterpri…

📅 Published: Oct. 23, 2025, 7:08 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:57 p.m.