4.8
CVE-2025-3841 - wix-incubator jam Jinja2 Template jam.py special elements used in a template engine
A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config['template'] leads to improper neutraโฆ
8.1
CVE-2025-27086 -
A vulnerability in the HPE Performance Cluster Manager (HPCM) GUI could allow an attacker to bypass authentication.
7.5
CVE-2025-23174 - Yoel Geva - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
4
CVE-2025-32793 - Cilium packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leaveโฆ
8.8
CVE-2025-32431 - Traefik has a possible vulnerability with the path matchers
Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2. There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backeโฆ
5.9
CVE-2024-12543 - A user enumeration and subsequent data integrity vulnerability affecting barcode functionality
User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous authenticated attacker to potentially alter barcode attributes.
8.7
CVE-2025-3857 - Infinite loop condition in Amazon.IonDotnet
When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition that โฆ
5.6
CVE-2024-12863 - Stored XSS in Discussions functionality
Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system.
8.4
CVE-2025-2298 - Authenticated API Endpoint Allows Arbitrary File Deletion in Dremio Software
An improper authorization vulnerability in Dremio Software allows authenticated users to delete arbitrary files that the system has access to, including system files and files stored in remote locations such as S3, Azure Blob Storage, and local filesystems. This vulnerability exists due to insufficโฆ
2.3
CVE-2025-2517 - Reference to Expired Domain Vulnerability in OpenTextโข ArcSight Enterprise Security Manager
Reference to Expired Domain Vulnerability in OpenTextโข ArcSight Enterprise Security Manager.