8.7
CVE-2025-26473 - Outback Power Mojave Inverter Use of GET Request Method With Sensitive Query Strings
The Mojave Inverter uses the GET method for sensitive information.
9.3
CVE-2025-1283 - Dingtian DT-R0 Series Authentication Bypass Using an Alternate Path or Channel
The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page.
7.3
CVE-2024-11347 - Access of Resource Using Incompatible Type in Postscript interpreter
Integer Overflow or Wraparound vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Forced Integer Overflow.The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
7.3
CVE-2024-11346 - Access of Resource Using Incompatible Type in Postscript interpreter
: Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Resource Injection.This issue affects CX, XC, CS, et. Al.: from 001.001:0 through 081.231, from *.*.P001 through *.*.P233, from *.*.P001β¦
7.3
CVE-2024-11344 - Type confusion vulnerability in the Postscript interpreter in various Lexmark devices
A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.
9.1
CVE-2025-1127 - Combination Path Traversal and Concurrent Execution vulnerability exists within the embedded web seβ¦
The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem.
7.3
CVE-2024-11345 - Heap-based memory vulnerability in the Postscript interpreter in various Lexmark devices
A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.
4.5
CVE-2025-24889 - Path traversal in sd-log Qubes virtual machine
The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Prior to versions 0.14.1 and 1.0.1, an attacker who has already gained code execution in a virtual machine on the SecureDrop Workstation could gain codβ¦
8.1
CVE-2025-24888 - Path traversal in SecureDrop Client API.download_reply()
The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Prior to version 0.14.1, a malicious SecureDrop Server could obtain code execution on the SecureDrop Client virtual machine (`sd-app`). SecureDrop Servβ¦
7
CVE-2025-22480 -
Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges.