5.6
CVE-2024-42189 - HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack
HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter.
4.8
CVE-2024-42200 - HCL BigFix Web Reports is potentially susceptible to a Stored Cross-Site Scripting (XSS) attack
HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input.
8.5
CVE-2025-3618 - Local Privilege Escalation Vulnerability
A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software.
8.5
CVE-2025-3617 - Local Privilege Escalation in ThinManagerยฎ
A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent directory. If exploited, a threat actor could inherit eโฆ
7.3
CVE-2025-32780 - BleachBit for Windows Has DLL Untrusted Path Vulnerability
BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execโฆ
6.5
CVE-2025-32779 - labsai/eddi Vulnerable to Path Traversal (Zip Slip) in ZIP Import Function
E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. In versions before 5.5.0, an attacker with access to the `/backup/import` API endpoint can write arbitrary files to locations outside the intended extraction directory due to a Zip Slip vulnerability. Altโฆ
5.5
CVE-2025-32776 - OpenRazer Vulnerable to Out of Bounds Read
OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the `matrix_custom_frame` file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data wiโฆ
5.7
CVE-2025-29817 - Microsoft Power Automate Desktop Information Disclosure Vulnerability
Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network.
6.3
CVE-2024-11084 - Potential Username Enumeration in Helix ALM
Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists.
5.2
CVE-2024-13177 - Symlink Following in Netskope Client Postinstall Script
Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file โnsinstallationโ. A standard user could potentially create a symlink of the file โnsinstallationโ to escalate the privileges of a different file on the system. Tโฆ