5.5
CVE-2023-40108 -
In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
8.6
CVE-2023-50733 - A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices.
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices.
9.1
CVE-2024-45479 - Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost
SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.
4.8
CVE-2024-45478 - Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input
Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.
8.8
CVE-2024-51941 - Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts
A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. Aβ¦
8.8
CVE-2025-23196 - Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition
A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. An attacker with authenticaβ¦
7.5
CVE-2025-23195 - Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie
An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the `DocumentBuilderFactory` class without disabling external entity resolution. An attackerβ¦
7.3
CVE-2025-21571 -
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox eβ¦
6.1
CVE-2025-21570 -
Vulnerability in the Oracle Life Sciences Argus Safety product of Oracle Health Sciences Applications (component: Login). The supported version that is affected is 8.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Sciencβ¦
6.6
CVE-2025-21569 -
Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Web Services). The supported version that is affected is 11.2.19.0.000. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hypβ¦