4419 matches found
CVE-2025-35033
Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...
VulnCheck KEV: CVE-2022-37932
A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in...
CVE-2025-20312
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when parsing a specific SNMP...
CVE-2025-43810
CVE-2025-43810 affects Liferay Portal and Liferay DXP, where an insecure direct object reference via the parameter _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId allows a remote authenticated user to add a note to an order in a different virtual instance. Af...
CVE-2025-10772 huggingface LeRobot ZeroMQ Socket lekiwi_remote.py missing authentication
A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown functionality of the file lerobot/common/robotdevices/robots/lekiwi_remote.py of the component ZeroMQ Socket Handler. The manipulation leads to missing authentication. The attack can onl...
CVE-2025-34188
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravelsession, are...
CVE-2025-37126
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...
CVE-2025-43778
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.11, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 allows an...
CVE-2025-55145
CVE-2025-55145 describes a missing authorization flaw in Ivanti Connect Secure (ICS), Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access that allows a remote authenticated attacker to hijack existing HTML5 connections. Affected versions include ICS <= 22.7R2.9 and &...
CVE-2025-8712
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin...
PT-2025-36747
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.9; Ivanti Policy Secure versions prior to 22.7R1.6; Ivanti ZTA Gateway versions prior to 2.8R2.3-723; Ivanti Neurons for Secure Access versions prior to 22.8R1.4. Description: A missing authorization...
Linux Distros Unpatched Vulnerability : CVE-2014-8088
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The (1) ZendLdap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass...
Linux Distros Unpatched Vulnerability : CVE-2015-0501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknow...
Linux Distros Unpatched Vulnerability : CVE-2011-2907
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and...
PT-2025-34875 · Totolink · Totolink T10
Name of the Vulnerable Software and Affected Versions: TOTOLINK T10 version 4.1.8cu.5241 B20210927. Description: A vulnerability exists in TOTOLINK T10 version 4.1.8cu.5241 B20210927 related to improper authentication. The issue is located in the /formLoginAuth.htm file and involves the manipulati...
Linux Distros Unpatched Vulnerability : CVE-2009-3582
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the ...
CVE-2025-3128
A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a denial-of-service condition on the product...
ROS-20250822-09
The vulnerability in jwt-go, a package designed to work with JSON Web Tokens, is related to incorrect checking of data transmitted via "aud". Exploitation of the vulnerability could allow an attacker, acting remotely, to bypass the authentication process...
GHSA-VJWR-CQWF-6Q96 Liferay Portal Vulnerable to Cross-Site Scripting via backURL Parameter
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via comliferayjournalwebportletJournalPortletbackURL parameter...