0.0
CVE-2025-61671 -
Further research determined the issue is not an open source vulnerability.
7.5
CVE-2025-45376 -
Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
5.1
CVE-2025-35034 - Medical Informatics Engineering Enterprise Health reflected cross site scripting via portlet_user_id
Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14.
6.3
CVE-2025-35033 - Medical Informatics Engineering Enterprise Health CSV injection
Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14.
6.2
CVE-2025-35032 - Medical Informatics Engineering Enterprise Health arbitrary file upload
Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08.
4.6
CVE-2025-35031 - Medical Informatics Engineering Enterprise Health includes session token in debug output
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08.
8.6
CVE-2025-35030 - Medical Informatics Engineering Enterprise Health cross site request forgery
Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user. This issue is fixed as of 2025-04-08.
9.3
CVE-2025-34196 - Vasion Print (formerly PrinterLogic) Hardcoded PrinterLogic CA Private Key and Hardcoded Password
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 (Windows client deployments) contain a hardcoded private key for the PrinterLogic Certificate Authority (CA) and a hardcoded password in product configuration files. The Windows…
7.5
CVE-2025-41252 - Username enumeration vulnerability
Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts. Impact: Username enumeration → facilitates unauthorized access. Attack Vector: Remote, un…
8.1
CVE-2025-41251 - Weak password recovery vulnerability
VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impact: Username enumeration → credential brute force risk. Attack Vector: Remote, unauthenticated. Seve…