5.5
CVE-2025-46716 - Sandboxie Arbitrary Kernel Read in SbieDrv.sys API (API_SET_SECURE_PARAM)
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read fro…
8.5
CVE-2025-43596 - MSP360 Backup (for Windows) insecure filesystem permissions
An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary file backup target. Upgrade to MSP360 Backup 8.1.1.19 (released on 2025-05-15).
7.8
CVE-2025-46715 - Sandboxie Arbitrary Kernel Write in SbieDrv.sys API (API_GET_SECURE_PARAM)
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write to…
7.5
CVE-2024-48850 - Authenticated Absolute Path Traversal
Absolute File Traversal vulnerabilities in ASPECT allow access and modification of unintended resources. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
9.5
CVE-2024-48853 - Authenticated Escalation to guest to root
An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
5.4
CVE-2025-33138 - IBM Aspera Faspex HTML injection
IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
7.1
CVE-2025-33137 - IBM Aspera Faspex data modification
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.
7.1
CVE-2025-33136 - IBM Aspera Faspex data modification
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.
7.4
CVE-2025-4366 - Request Smuggling Vulnerability in Pingora
A request smuggling vulnerability identified within Pingora's proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: https://github.com/cloudf…
6.1
CVE-2025-23183 - UBtech - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')