9.1
CVE-2025-53795 - Microsoft PC Manager Elevation of Privilege Vulnerability
Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.
9.8
CVE-2025-53763 - Azure Databricks Elevation of Privilege Vulnerability
Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
5.3
CVE-2025-24489 - INFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous Type
An attacker could exploit this vulnerability by uploading arbitrary files via a specific service, which could lead to system compromise.
5.3
CVE-2025-27714 - INFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous Type
An attacker could exploit this vulnerability by uploading arbitrary files via the a specific endpoint, leading to unauthorized remote code execution or system compromise.
9.3
CVE-2025-3128 - Mitsubishi Electric Europe smartRTU OS Command Injection
A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a denial-of service condition on the product.
8.7
CVE-2025-27721 - INFINITT Healthcare INFINITT PACS Exposure of Sensitive System Information to an Unauthorized Contrβ¦
Unauthorized users can access INFINITT PACS System ManagerΒ without proper authorization, which could lead to unauthorized access to system resources.
4.8
CVE-2025-55107 - BUG-000177335 ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability.
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 β 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript codeβ¦
4.8
CVE-2025-55106 - BUG-000173171 ArcGIS Enterprise Sites has a Cross-site Scripting vulnerability.
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 β 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the β¦
4.8
CVE-2025-55105 - BUG-000177336 - ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability.
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 β 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the β¦
4.8
CVE-2025-55104 - BUG-000173918 - ArcGIS Enterprise Sites has a security vulnerability.
A stored cross-site scripting (XSS) vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user attacker supplied JavaScript may execute β¦