8.8
CVE-2025-1095 - IBM Personal Communications command execution
IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged-in user on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a l…
6.9
CVE-2025-32024 - bep/imagemeta allows excessively large EXIF data structures
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image metadata from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, if you didn't trust the input images, this could be abused to c…
9.3
CVE-2025-32020 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in crud-query-…
The crud-query-parser library parses query parameters from HTTP requests and converts them to database queries. Improper neutralization of the order/sort parameter in the TypeORM adapter allows SQL injection. You are impacted by this vulnerability if you are using the TypeORM adapter, orderi…
8.2
CVE-2025-22466 -
Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
6.1
CVE-2025-22465 -
Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary JavaScript in a victim's browser. Unlikely user interaction is required.
6.1
CVE-2025-22464 -
An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.
7.2
CVE-2025-22461 -
SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.
4.8
CVE-2025-22459 -
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.
7.8
CVE-2025-22458 -
DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.
3
CVE-2024-50565 -
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2…