7.5
CVE-2025-9230 - Out-of-bounds read & write in RFC 3211 KEK Unwrap
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a m…
10
CVE-2025-34217 - Vasion Print (formerly PrinterLogic) Undocumented Hardcoded SSH Key
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '~/.ssh/authorized_keys' and a sudoers rule granting the printerlogic_ssh group 'NOPASSWD: ALL'. Possession of the matchin…
4
CVE-2025-10859 - Data stored in cookies for non-HTML content while browsing Incognito could be viewed after closing …
Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability was fixed in Firefox for iOS 143.1.
7.5
CVE-2025-11153 - JIT miscompilation in the JavaScript Engine: JIT component
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 143.0.3.
8.6
CVE-2025-11152 - Sandbox escape due to integer overflow in the Graphics: Canvas2D component
Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3.
7.5
CVE-2025-11234 - Qemu-kvm: vnc websocket handshake use-after-free
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access …
6
CVE-2025-10217 -
A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially carrying out further malicious attacks. Performance logging is typically enabled for troubleshooting purposes while resolvin…
7.1
CVE-2025-41098 - Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a misuse of the general enquiry web service.
7.1
CVE-2025-41099 - Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access the list of permissions using unauthorised internal identifiers.
7.1
CVE-2025-41097 - Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access basic employee details using unauthorised internal identifiers.