8.4
CVE-2025-2298 - Authenticated API Endpoint Allows Arbitrary File Deletion in Dremio Software
An improper authorization vulnerability in Dremio Software allows authenticated users to delete arbitrary files that the system has access to, including system files and files stored in remote locations such as S3, Azure Blob Storage, and local filesystems. This vulnerability exists due to insuffic…
2.3
CVE-2025-2517 - Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager
Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager.
5.5
CVE-2024-12862 - REST API allows users without permissions to remove external collaborators
Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators. This issue affects Content Server: 20.2-24.4.
2.1
CVE-2025-3840 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. An a…
6.1
CVE-2025-3838 - Improper Authorization in the installer for the EOL OVA based connect component
An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed cre…
6.1
CVE-2025-3837 - Improper Input Validation vulnerability in the End of Life (EOL) OVA based connect component
An improper input validation vulnerability is identified in the End of Life (EOL) OVA based connect component which is deployed for installation purposes in the customer internal network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. Under certa…
3.8
CVE-2025-25228 - Extension - virtuemart.net - SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla
A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend.
9.2
CVE-2025-0632 - Local File Inclusion (LFI) leading to sensitive data exposure
Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exf…
6.5
CVE-2025-28367 -
mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey.
6.8
CVE-2025-43972 -
An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.