150 matches found
CVE-2025-24847
Improper input validation for some IntelR CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may...
CVE-2025-24834
Protection mechanism failure for some IntelR CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable data exposure. This result...
CVE-2025-24834
Intel CIP software prior to WIN_DCA_2.4.0.11001 contains a protection mechanism failure in Ring 3: User Applications, which may allow information disclosure. An unprivileged, unauthenticated user with low-complexity attack could exposure data via adjacent access. Affected products: Intel CIP soft...
CVE-2025-24516
Improper access control for some IntelR CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may...
CVE-2025-20614
External control of file name or path for some IntelR CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a low complexity attack may enable escalation of privileg...
PT-2025-46436
Name of the Vulnerable Software and Affected Versions IntelR PROSet/Wireless WiFi Software for Windows versions prior to 23.160 Description An out-of-bounds read issue exists in some IntelR PROSet/Wireless WiFi Software for Windows. This flaw, located within Ring 2: Device Drivers, could allow fo...
CVE-2025-54088
CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the console can redirect victims to an arbitrary URL. The attack complexity is low, attack requirements are present, no privileges are required, and users must actively participate i...
CVE-2025-54086
CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges require...
EUVD-2025-32210
Malicious code in bioql PyPI...
EUVD-2025-23215
Malicious code in bioql PyPI...
EUVD-2025-23218
Malicious code in bioql PyPI...
EUVD-2025-25817
Malicious code in bioql PyPI...
CVE-2025-54088
CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the console can redirect victims to an arbitrary URL. The attack complexity is low, attack requirements are present, no privileges are required, and users must actively participate i...
CVE-2025-54089
CVE-2025-54089 affects Ivanti Secure Access Client prior to version 14.10. The issue is described as a cross-site scripting vulnerability that allows attackers with console administrative access to interfere with another administrator’s access. The attack has low complexity, requires high privile...
CVE-2025-54088 Open Redirect in Secure Access prior to 14.10
CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the console can redirect victims to an arbitrary URL. The attack complexity is low, attack requirements are present, no privileges are required, and users must actively participate i...
CVE-2025-54088 Open Redirect in Secure Access prior to 14.10
CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the console can redirect victims to an arbitrary URL. The attack complexity is low, attack requirements are present, no privileges are required, and users must actively participate i...
CVE-2025-54086
CVE-2025-54086 affects Absolute Secure Access, Warehouse component, prior to version 14.10. The vulnerability is an excess-permissions issue enabling attackers with local file-system access to read the Java keystore file. Severity: CVSS 3.1 Base 3.3 (LOW) to CVSS 4.0 Base 5.3 (MEDIUM) depending o...
PT-2025-40423
Name of the Vulnerable Software and Affected Versions secure access versions prior to 14.10 Description This issue is a cross-site scripting condition. An attacker with administrative access to the console can disrupt another administrator's access. The attack complexity is low, and no specific...
PT-2025-40420
Name of the Vulnerable Software and Affected Versions Absolute Secure Access versions prior to 14.10 Description An excess permissions issue exists within the Warehouse component. An attacker who has access to the local file system can read the Java keystore file. The attack complexity is low, an...
CVE-2025-50975
IPFire 2.29 web-based firewall interface firewall.cgi fails to sanitize several rule parameters such as PROT, SRCPORT, TGTPORT, dnatport, key, ruleremark, srcaddr, stdnettgt, and tgtaddr, allowing an authenticated administrator to inject persistent JavaScript. This stored XSS payload is executed...