6
CVE-2025-48066 - wire-webapp has no database deletion on client logout
wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue with function to delete local data. Instructing the client to delete its local database on user logout does not result in deletion. This is the case for both temporary clienβ¦
5.6
CVE-2025-48061 - wire-webapp Has Insufficient Session Invalidation after User Logout
wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does not β¦
4.8
CVE-2025-47780 - cli_permissions.conf: deny option does not work for disallowing shell commands
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_pβ¦
7.7
CVE-2025-47779 - Using malformed From header can forge identity with ";" or NULL in name portion
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attackβ¦
5.5
CVE-2025-46716 - Sandboxie Arbitrary Kernel Read in SbieDrv.sys API (API_SET_SECURE_PARAM)
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read froβ¦
8.5
CVE-2025-43596 - MSP360 Backup (for Windows) insecure filesystem permissions
An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary file backup target. Upgrade to MSP360 Backup 8.1.1.19 (released on 2025-05-15).
7.8
CVE-2025-46715 - Sandboxie Arbitrary Kernel Write in SbieDrv.sys API (API_GET_SECURE_PARAM)
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write toβ¦
7.5
CVE-2024-48850 - Authenticated Absolute Path Traversal
Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended resources. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
9.5
CVE-2024-48853 - Authenticated Escalation to guest to root
An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user.Β This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
5.4
CVE-2025-33138 - IBM Aspera Faspex HTML injection
IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.