6.6

CVSS4.0

CVE-2025-24976 - Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT

Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a J…

📅 Published: Feb. 11, 2025, 3:48 p.m. 🔄 Last Modified: Jan. 23, 2026, 5:16 p.m.

9.4

CVSS3.1

CVE-2025-24973 - Concorde not removing authentication tokens after logging out

Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker to…

📅 Published: Feb. 11, 2025, 3:41 p.m. 🔄 Last Modified: June 17, 2025, 12:08 p.m.

8.6

CVSS3.1

CVE-2025-24900 - Concorde CSRF vulnerability due to insecure configuration of authentication cookie attributes

Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, there is a vulnerability that allows MediaProxy authentication to be bypassed. In versions prior to 12.…

📅 Published: Feb. 11, 2025, 3:36 p.m. 🔄 Last Modified: Feb. 11, 2025, 4:15 p.m.

4.5

CVSS4.0

CVE-2025-24807 - Fast DDS does not verify Permissions CA

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per design, PermissionsCA is not full chain validated, nor is the expiration date validated. Access cont…

📅 Published: Feb. 11, 2025, 3:31 p.m. 🔄 Last Modified: Feb. 21, 2025, 3:26 p.m.

0.0

CVE-2025-1234 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📅 Published: Feb. 11, 2025, 3:30 p.m. 🔄 Last Modified: July 5, 2025, 11:15 p.m.

7.1

CVSS3.1

CVE-2024-13813 -

Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.

📅 Published: Feb. 11, 2025, 3:26 p.m. 🔄 Last Modified: Feb. 20, 2025, 3:56 p.m.

6

CVSS3.1

CVE-2024-13843 -

Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

📅 Published: Feb. 11, 2025, 3:26 p.m. 🔄 Last Modified: Feb. 20, 2025, 3:55 p.m.

6

CVSS3.1

CVE-2024-13842 -

A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

📅 Published: Feb. 11, 2025, 3:25 p.m. 🔄 Last Modified: Feb. 20, 2025, 3:55 p.m.

6.1

CVSS3.1

CVE-2024-13830 -

Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

📅 Published: Feb. 11, 2025, 3:22 p.m. 🔄 Last Modified: Feb. 13, 2025, 5:09 p.m.

6.8

CVSS3.1

CVE-2024-12058 -

External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.

📅 Published: Feb. 11, 2025, 3:21 p.m. 🔄 Last Modified: July 16, 2025, 4 p.m.