6.5
CVE-2025-56648 - parcel: Parcel Origin Validation Error
npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them.
5.5
CVE-2022-50356 - net: sched: sfb: fix null pointer access issue when sfb_init() fails
In the Linux kernel, the following vulnerability has been resolved: net: sched: sfb: fix null pointer access issue when sfb_init() fails When the default qdisc is sfb, if the qdisc of dev_queue fails to be inited during mqprio_init(), sfb_reset() is invoked to clear resources. In this case, the qβ¦
7.5
CVE-2025-37125 - Broken access control vulnerability in Firewall Configuration Leads to Unauthorized Access to Inteβ¦
A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperly
8.8
CVE-2025-37123 - Authenticated Command Injection leads to Unauthorized Actions in CLI Interface
A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on tβ¦
8.6
CVE-2025-37124 - Unauthenticated Access Vulnerability allows Transit Traffic Misrouting in SD-WAN Edge Interface
A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Successful exploitation could allow an attacker to route potentially harmful traffic through the internal network, leading to unauthorized access or disruption β¦
5.1
CVE-2025-43804 -
Cross-site scripting (XSS) vulnerability in Search widget in Liferay Portal 7.4.3.93 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_search_web_portlet_SearchPortlet_userId parameter.
6.8
CVE-2025-37128 - Authenticated Arbitrary Process Termination allows potential System Disruption in ECOS
A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an unstable system state.
6.7
CVE-2025-37129 - Authenticated Remote Code Execution allows Exploit in Scripts Feature
A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system if the feature is enableβ¦
7.2
CVE-2025-37127 - Authenticated Replay Attack contains Cryptographic Vulnerability
A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system, potentially leadinβ¦
6.5
CVE-2025-37130 - Unrestricted Binary allows File Enumeration in Underlying Operating System
A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system.