Lucene search
+L

1862 matches found

Vulnrichment
Vulnrichment
added 2025/12/24 7:27 p.m.4 views

CVE-2018-25142 NovaRad NovaPACS Diagnostics Viewer 8.5 XML External Entity Injection

NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity XXE injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack...

9.8CVSS7.3AI score0.00371EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/24 7:27 p.m.33 views

CVE-2018-25142 NovaRad NovaPACS Diagnostics Viewer 8.5 XML External Entity Injection

NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity XXE injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack...

9.8CVSS0.00371EPSS
Exploits1References3
CVE
CVE
added 2025/12/24 7:27 p.m.15 views

CVE-2018-25142

NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 is affected by an unauthenticated XML External Entity (XXE) injection in XML preference import settings. The root cause is an XXE vulnerability that allows crafted XML files with DTD parameter entities to retrieve arbitrary system files via an out-of-...

9.8CVSS7.3AI score0.00371EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.5 views

NovaRad NovaPACS Diagnostics Viewer 安全漏洞

NovaRad NovaPACS Diagnostics Viewer is a medical imaging diagnostics viewer from NovaRad Philippines. A security vulnerability exists in NovaRad NovaPACS Diagnostics Viewer version 8.5.19.75, which stems from an XML preferences import that has XML external entity injection, which could lead to...

9.8CVSS6.9AI score0.00371EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/12/17 12:0 a.m.7 views

Docker Desktop < 4.54.0 Sensitive Data Leakage

The version of Docker Desktop is prior to 4.54.0. It is therefore affected by a data leakage vulnerability. Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported...

7.5CVSS5.4AI score0.00188EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/16 10:47 a.m.5 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server and WebSphere Application Server Liberty and are affected by cross-site scripting.

Summary The security issue described in CVE-2025-12635 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

5.4CVSS6.5AI score0.00141EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/11 8:2 a.m.10 views

CVE-2025-13743

Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...

2.4CVSS6.5AI score0.00188EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 2:32 a.m.6 views

CVE-2025-42878

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability...

8.2CVSS6.7AI score0.00306EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/09 9:31 p.m.7 views

EUVD-2025-202325

Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...

2.4CVSS6.1AI score0.00188EPSS
Exploits0References2
NVD
NVD
added 2025/12/09 9:15 p.m.6 views

CVE-2025-13743

Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...

7.5CVSS0.00188EPSS
Exploits0References1
OSV
OSV
added 2025/12/09 9:15 p.m.6 views

CVE-2025-13743

Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...

7.5CVSS5.8AI score0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 8:39 p.m.28 views

CVE-2025-13743 Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs

Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...

2.4CVSS0.00188EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 8:39 p.m.23 views

CVE-2025-13743

Docker Desktop

7.5CVSS6.2AI score0.00188EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/09 6:30 p.m.6 views

EUVD-2025-201849

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability...

8.2CVSS6.3AI score0.00306EPSS
Exploits0References3
NVD
NVD
added 2025/12/09 4:17 p.m.5 views

CVE-2025-42878

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability...

8.2CVSS0.00306EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/09 2:14 a.m.2 views

CVE-2025-42878 Sensitive Data Exposure in SAP Web Dispatcher and Internet Communication Manager (ICM)

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability...

8.2CVSS6.5AI score0.00306EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/09 2:14 a.m.36 views

CVE-2025-42878 Sensitive Data Exposure in SAP Web Dispatcher and Internet Communication Manager (ICM)

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability...

8.2CVSS0.00306EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-50250

Name of the Vulnerable Software and Affected Versions Docker Desktop affected versions not specified Description Docker Desktop diagnostics bundles include expired Hub PATs Personal Access Tokens in log output because of error object serialization. This can lead to the leakage of sensitive...

2.4CVSS6.3AI score0.00188EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.8 views

PT-2025-49768

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability...

8.2CVSS6.8AI score0.00306EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2025/12/03 12:0 a.m.221 views

📄 Microsoft Windows 11 Build 10.0.22631.6199 Advanced Admin Protection Bypass

This enhanced proof of concept exploit demonstrates an advanced method for bypassing Windows Administrator Protection by manipulating registry hives using both WinAPI and NTAPI. The code implements safe smart‑pointer wrappers for handles, secure SID management, deep registry enumeration, privileg...

7.2AI score
Exploits0
Rows per page
Query Builder