431 matches found
PT-2025-30452 · Alertenterprise · Alertenterprise Guardian
Name of the Vulnerable Software and Affected Versions: AlertEnterprise Guardian version 4.1.14.2.2.1. Description: An issue allows bypassing manager approval via the isAddedByApprover parameter in a Request Building Access requestSubmit API call. Recommendations: Apply a fix to address the bypass ...
CVE-2025-24922
A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cvobject can lead to arbitrary code execution. An attacker can issue an API call to...
CVE-2025-24311
An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this...
CVE-2025-25215 Dell ControlVault3/ControlVault3 Plus cv_close arbitrary free vulnerability
An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability...
CVE-2025-25050
An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call to...
CVE-2025-25050
Dell ControlVault3/ControlVault3 Plus are affected by CVE-2025-25050: an out-of-bounds write in cv_upgrade_sensor_firmware. Talos confirms vulnerable versions (e.g., CV firmware prior to 5.15.10.14 / 6.2.26.36) and describes a locally exploitable path via a crafted ControlVault API call, with CVS...
CVE-2025-25050 Dell ControlVault3/ControlVault3 Plus cv_upgrade_sensor_firmware out-of-bounds write vulnerability
An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call to...
CVE-2025-24922
CVE-2025-24922 is a stack-based buffer overflow in the Dell ControlVault3/ControlVault3 Plus securebio_identify path. TALOS and Red Hat/NVD references confirm vulnerability exists in ControlVault firmware prior to 5.15.10.14 (Dell CV3) or 6.2.26.36 (CV3 Plus). The flaw is triggered by a crafted c...
CVE-2025-24311
Affected software: Dell ControlVault3 and ControlVault3 Plus firmware and related Windows driver interactions (cvusbdrv.sys) with the CA/firmware stack. Vulnerability: An out-of-bounds read in cv_send_blockdata can be triggered by a crafted ControlVault API call, leading to information disclosure...
CVE-2025-24311 Dell ControlVault3/ControlVault3 Plus cv_send_blockdata out-of-bounds read vulnerability
An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this...
PT-2025-25447 · Dell · Dell Controlvault3 +1
Name of the Vulnerable Software and Affected Versions: Dell ControlVault3 versions prior to 5.15.10.14; Dell ControlVault 3 Plus versions prior to 6.2.26.36. Description: An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware function of Dell ControlVault3 and Dell ControlVau...
GHSA-6QC9-V4R8-22XG vLLM DOS: Remotely kill vllm over http with invalid JSON schema
Summary: Hitting the /v1/completions API with an invalid jsonschema as a Guided Param will kill the vllm server. Details: The following API call venv derekh@ip-172-31-15-108 $ curl -s http://localhost:8000/v1/completions -H "Content-Type: application/json" -d '"model":...
CVE-2024-45104
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call...
CVE-2024-53007
Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call...
CVE-2023-1777
Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message...
CVE-2023-42659
In WSFTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WSFTP Serve...
CVE-2023-0683
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call...
CVE-2022-44016
An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can download arbitrary files from the web server by abusing an API call: /DS/LMAPI/api/ConfigurationService/GetImages with an '"ImagesPath":"C:\"' value...