5.4
CVE-2024-48019 - Apache Doris: allows admin users to read arbitrary files through the REST API
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through path traversal. Users are recommended to upgr…
4.7
CVE-2025-25039 - Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based M…
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on …
6.6
CVE-2025-23060 - Sensitive Data Exposure Vulnerability in HPE Aruba Networking ClearPass Policy Manager (CPPM)
A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as …
6.8
CVE-2025-23059 - Sensitive Information Disclosure in HPE Aruba Networking ClearPass Policy Manager
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive da…
8.8
CVE-2025-23058 - Authenticated Broken Access Control Vulnerability in ClearPass Policy Manager Web-Based Management …
A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Succ…
9.8
CVE-2025-0364 - BigAntSoft BigAnt Server Account Registration Bypass to File Upload RCE
BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the att…
5.3
CVE-2024-45659 - IBM Security Verify Access information disclosure
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
9.8
CVE-2024-9644 - Four-Faith F3x36 bapply.cgi Auth Bypass
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote …
9.8
CVE-2024-9643 - Four-Faith F3x36 Hidden Debug Credentials
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-326…
7.2
CVE-2024-23690 - EOL Netgear FVS336v3 Telnet Configuration Backup Command Injection
The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability in the Telnet interface. An authenticated and remote attacker can execute arbitrary OS commands as root over Telnet by sending crafted "util backup_configuration" commands.