5.5

CVSS3.1

CVE-2025-23055 - Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Compos…

A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the …

πŸ“… Published: Jan. 28, 2025, 5:11 p.m. πŸ”„ Last Modified: March 28, 2025, 7 p.m.

6.2

CVSS3.1

CVE-2018-9378 -

In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

πŸ“… Published: Jan. 28, 2025, 4:53 p.m. πŸ”„ Last Modified: July 10, 2025, 8:31 p.m.

8.8

CVSS3.1

CVE-2018-9373 -

In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

πŸ“… Published: Jan. 28, 2025, 4:52 p.m. πŸ”„ Last Modified: July 10, 2025, 8:35 p.m.

5.7

CVSS3.1

CVE-2017-13318 -

In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

πŸ“… Published: Jan. 28, 2025, 4:51 p.m. πŸ”„ Last Modified: July 10, 2025, 8:41 p.m.

5.7

CVSS3.1

CVE-2017-13317 -

In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

πŸ“… Published: Jan. 28, 2025, 4:50 p.m. πŸ”„ Last Modified: July 10, 2025, 8:41 p.m.

5.4

CVSS3.1

CVE-2024-8401 -

CWE-79: Improper Neutralization of Input During Web Page Generation (β€˜Cross-site Scripting’) vulnerability exists when an authenticated attacker modifies folder names within the context of the product.

πŸ“… Published: Jan. 28, 2025, 4:35 p.m. πŸ”„ Last Modified: Jan. 28, 2025, 6:58 p.m.

8.6

CVSS3.1

CVE-2025-0781 - Incorrect Authorization in SimGear

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

πŸ“… Published: Jan. 28, 2025, 4:34 p.m. πŸ”„ Last Modified: Aug. 6, 2025, 7:25 p.m.

7.8

CVSS3.1

CVE-2025-23385 -

In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible

πŸ“… Published: Jan. 28, 2025, 4:01 p.m. πŸ”„ Last Modified: Jan. 12, 2026, 6:53 p.m.

6.9

CVSS4.0

CVE-2025-0432 - HMS Networks Ewon Flexy 202 Cleartext Transmission of Sensitive Information

EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage.

πŸ“… Published: Jan. 28, 2025, 3:56 p.m. πŸ”„ Last Modified: Jan. 28, 2025, 4:32 p.m.

9.3

CVSS4.0

CVE-2025-24800 - Critical vulnerability in `ismp-grandpa` <v15.0.1

Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or compro…

πŸ“… Published: Jan. 28, 2025, 3:41 p.m. πŸ”„ Last Modified: Jan. 28, 2025, 4:15 p.m.
Total resulsts: 343968
Page 6405 of 34,397
Β« previous page Β» next page
Filters