CVE-2025-20358
A vulnerability in the Contact Center Express CCX Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authenticatio...
CVE-2025-20374
Technical details about CVE-2025-20374 are not publicly provided in the connected documents. Please monitor for updates from Cisco and Red Hat advisories for affected products, impact scope, and remediation.
CVE-2025-10622
CVE-2025-10622 affects Red Hat Satellite (Foreman) and enables an authenticated user with edit_settings permissions to perform arbitrary OS command execution due to insufficient server-side command whitelisting validation. Connected advisories confirm OS command injection is addressed in RHSA-202...
CVE-2025-43380
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. Parsing a file may lead to an unexpected app termination...
CVE-2025-43434
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash. Mitigation: Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packag...
CVE-2025-43500
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to access sensitive user data...
CVE-2025-43460
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a locked device may be able to view sensitive user information...
CVE-2025-43507
A privacy issue was addressed by moving sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to fingerprint the user...
CVE-2025-43479
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data...
CVE-2025-43336
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app with root privileges may be able to access private information...
CVE-2025-43323
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to fingerprint the user...
CVE-2025-43398
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination...
CVE-2025-43493
The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. Visiting a malicious website may lead to address bar spoofing...
CVE-2025-43439
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to fingerprint the user...
Dynatrace ActiveGate Security Vulnerability
Dynatrace ActiveGate is a gateway component in a monitoring platform from Dynatrace USA. A security vulnerability exists in Dynatrace ActiveGate version 1.016 and earlier, which stems from improper handling of specially crafted IP addresses and could lead to an OS command injection attack...
PT-2025-45130
Name of the Vulnerable Software and Affected Versions: Cisco Unified CCX (affected versions not specified). Description: A flaw exists in the Contact Center Express CCX Editor application that could allow a remote attacker to circumvent authentication and gain administrative privileges relate...
Dell CloudLink OS Command Injection Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. A command execution vulnerability exists in Dell CloudLink, which could be exploited by an attacker to execute arbitrary commands on the system...
PT-2025-45113
Name of the Vulnerable Software and Affected Versions: Dynatrace ActiveGate versions up to 1.016. Description: An OS command injection issue exists in the Dynatrace ActiveGate ping extension. This flaw allows for potential code execution through the use of specially crafted IP addresses. The ping...
Cisco Nexus 3000 9000 Series Switches Protocol Independent Multicast Version 6 DoS (cisco-sa-nxospc-pim6-vG4jFPh)
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability.
- A vulnerability in the Protocol Independent Multicast Version 6 PIM6 feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticate...
PT-2025-48742
Name of the Vulnerable Software and Affected Versions: Apptainer versions prior to 1.4.5. Description: Apptainer is a container platform. Versions of Apptainer prior to 1.4.5 allow a container to disable certain forms of the --security option, specifically --security=apparmor: and --security=selinux...