8.7

CVSS4.0

CVE-2025-3857 - Infinite loop condition in Amazon.IonDotnet

When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition that …

📅 Published: April 21, 2025, 3:13 p.m. 🔄 Last Modified: Oct. 14, 2025, 7:15 p.m.

5.6

CVSS4.0

CVE-2024-12863 - Stored XSS in Discussions functionality

Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system.

📅 Published: April 21, 2025, 3:13 p.m. 🔄 Last Modified: April 23, 2025, 2:08 p.m.

8.4

CVSS4.0

CVE-2025-2298 - Authenticated API Endpoint Allows Arbitrary File Deletion in Dremio Software

An improper authorization vulnerability in Dremio Software allows authenticated users to delete arbitrary files that the system has access to, including system files and files stored in remote locations such as S3, Azure Blob Storage, and local filesystems. This vulnerability exists due to insuffic…

📅 Published: April 21, 2025, 3:12 p.m. 🔄 Last Modified: April 23, 2025, 2:08 p.m.

2.3

CVSS4.0

CVE-2025-2517 - Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager

Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager.

📅 Published: April 21, 2025, 2:26 p.m. 🔄 Last Modified: April 23, 2025, 2:08 p.m.

5.5

CVSS4.0

CVE-2024-12862 - REST API allows users without permissions to remove external collaborators

Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators. This issue affects Content Server: 20.2-24.4.

📅 Published: April 21, 2025, 2:22 p.m. 🔄 Last Modified: July 12, 2025, 10:09 p.m.

2.1

CVSS4.0

CVE-2025-3840 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. An a…

📅 Published: April 21, 2025, 9:39 a.m. 🔄 Last Modified: April 21, 2025, 2:23 p.m.

6.1

CVSS4.0

CVE-2025-3838 - Improper Authorization in the installer for the EOL OVA based connect component

An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed cre…

📅 Published: April 21, 2025, 9:33 a.m. 🔄 Last Modified: April 21, 2025, 2:23 p.m.

6.1

CVSS4.0

CVE-2025-3837 - Improper Input Validation vulnerability in the End of Life (EOL) OVA based connect component

An improper input validation vulnerability is identified in the End of Life (EOL) OVA based connect component which is deployed for installation purposes in the customer internal network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. Under certa…

📅 Published: April 21, 2025, 9:20 a.m. 🔄 Last Modified: April 21, 2025, 2:23 p.m.

3.8

CVSS3.1

CVE-2025-25228 - Extension - virtuemart.net - SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla

A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend.

📅 Published: April 21, 2025, 7:16 a.m. 🔄 Last Modified: May 28, 2025, 3:49 p.m.

9.2

CVSS4.0

CVE-2025-0632 - Local File Inclusion (LFI) leading to sensitive data exposure

Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exf…

📅 Published: April 21, 2025, 5:27 a.m. 🔄 Last Modified: April 28, 2025, 3:15 a.m.