6.5
CVE-2024-52980 - Elasticsearch Uncontrolled Resource Consumption vulnerability
A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to the…
5.4
CVE-2025-27084 - Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal (CP) of an AOS-10 GW and AOS-8…
A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the…
4.9
CVE-2025-27085 - Arbitrary File Download Vulnerabilities in Web-Based Management Interface of AOS-10 GW and AOS-8 Co…
Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device.
7.2
CVE-2025-27083 - Authenticated Command Injection Vulnerabilities in AOS-10 GW and AOS-8 Controller/Mobility Conducto…
Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an authenticated attacker to execute arbitrary commands as a privileged user on the underlying opera…
9.8
CVE-2025-25226 - [20250401] - Joomla Framework - SQL injection vulnerability in quoteNameStr method of Database pack…
Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in either the 2.x or 3.x branch and therefore the vulnerability in question …
7.5
CVE-2025-25227 - [20250402] - Joomla Core - MFA Authentication Bypass
Insufficient state checks lead to a vector that allows bypassing 2FA checks.
7.2
CVE-2025-27082 - Authenticated Remote Code Execution Vulnerabilities in AOS-10 GW and AOS-8 Controller/Mobility Cond…
Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlying …
6.5
CVE-2025-30671 - Zoom Workplace Apps for Windows - Null Pointer
Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
6.5
CVE-2025-30670 - Zoom Workplace Apps for Windows - Null Pointer
Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
2.8
CVE-2025-27443 - Zoom Workplace Apps for Windows - Insecure Default Variable Initialization
Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access.