CVE-2025-54087 Server-side request forgery in Secure Access

CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and...

CVE-2025-54086 Excess Permissions in Warehouse

CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges require...

Ivanti Secure Access Client 安全漏洞

Ivanti Secure Access Client is a security software client developed by Ivanti, Inc. to enable remote secure access, supporting enterprise-class VPN connections and encrypted access to resources. Ivanti Secure Access Client suffers from an open redirection vulnerability that originates from an...

Ivanti Secure Access Client 安全漏洞

Ivanti Secure Access Client is a security software client from Ivanti USA. A security vulnerability exists in Ivanti Secure Access Client versions prior to 14.10 that stems from vulnerability to cross-site scripting attacks...

Tuleap 安全漏洞

Tuleap is an open source application lifecycle management system that facilitates agile software development, design projects, V-modeling, requirements management and IT service management. A security vulnerability exists in Tuleap that stems from the presence of a privilege control error issue...