The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM...
7.8CVSS
7.7AI Score
0.001EPSS
Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated...
5.5CVSS
7.1AI Score
0.0004EPSS
The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race...
4.7CVSS
7AI Score
0.0004EPSS
Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM...
7.8CVSS
7.8AI Score
0.0004EPSS
Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to...
9.8CVSS
7AI Score
0.001EPSS
e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result,...
4.3CVSS
6.8AI Score
0.0005EPSS
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and.....
9.8CVSS
9.6AI Score
0.001EPSS
An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not...
7.8CVSS
6.6AI Score
0.001EPSS
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not...
7.8CVSS
7.5AI Score
0.0004EPSS
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP...
7.5CVSS
7.3AI Score
0.0005EPSS
IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: ...
7.8CVSS
7.1AI Score
0.0004EPSS
In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked....
8.8CVSS
6.6AI Score
0.001EPSS
1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available from the 1E...
8.4CVSS
6.8AI Score
0.001EPSS
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not...
8.2CVSS
8.1AI Score
0.001EPSS
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not...
7.1CVSS
6.9AI Score
0.001EPSS
IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: ...
4.4CVSS
4.3AI Score
0.0004EPSS
Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. In order to take advantage of this vulnerability, an attacker must craft a malicious XML document, embed this...
7.4CVSS
6.8AI Score
0.0004EPSS
Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network...
7.5CVSS
7.4AI Score
0.001EPSS
The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by...
7.5AI Score
0.001EPSS
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before...
6.3CVSS
6.5AI Score
0.001EPSS
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected. This vulnerability affects Mozilla VPN client for Linux <...
5.5CVSS
5.5AI Score
0.0004EPSS
An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors. We have already.....
4.4CVSS
4.5AI Score
0.0004EPSS
Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access.....
5.5CVSS
5.4AI Score
0.002EPSS
Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary...
6.1CVSS
6AI Score
0.001EPSS
Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary...
5.4CVSS
5.1AI Score
0.0005EPSS
Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary...
5.4CVSS
5.1AI Score
0.0005EPSS
Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted...
6.1CVSS
6.2AI Score
0.001EPSS
@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the init function allows arbitrary javascript to be executed using the javascript: prefix. This vulnerability has been patched on version 0.1.0. Users are...
6.1CVSS
6.4AI Score
0.0005EPSS
Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app show...
3.7CVSS
4.2AI Score
0.0004EPSS
Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the....
5.5CVSS
5.2AI Score
0.0004EPSS
An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated...
7.8CVSS
7.6AI Score
0.0004EPSS
Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit...
5.5CVSS
5.2AI Score
0.0004EPSS
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration......
5.3CVSS
5.5AI Score
0.001EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0...
4.8CVSS
4.8AI Score
0.0004EPSS
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local...
7.8CVSS
7.2AI Score
0.0004EPSS
Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local...
5.5CVSS
5.1AI Score
0.0004EPSS
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network...
9.8CVSS
9.6AI Score
0.001EPSS
Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network...
6.5CVSS
6.1AI Score
0.0005EPSS
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network...
9.8CVSS
9.6AI Score
0.001EPSS
Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network...
8.8CVSS
8.8AI Score
0.001EPSS
Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local...
7.8CVSS
7.8AI Score
0.0004EPSS
Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network...
9.8CVSS
9.6AI Score
0.001EPSS
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a...
4.9CVSS
6.8AI Score
0.001EPSS
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's...
9.6CVSS
9.1AI Score
0.003EPSS
The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them...
9.8CVSS
9.7AI Score
0.002EPSS
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not...
7.8CVSS
7.5AI Score
0.0004EPSS
An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not...
5.5CVSS
5.2AI Score
0.0004EPSS
Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. An unauthenticated malicious user on the device can access hard coded secrets in javascript...
5.5CVSS
5.6AI Score
0.0004EPSS
Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through...
8.8CVSS
8.7AI Score
0.001EPSS
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further...
8.8CVSS
8.7AI Score
0.002EPSS