1820 matches found
CVE-2025-24816
Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges...
CVE-2025-24816 An Improper Access Control vulnerability in Nokia MantaRay NM
Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges...
CVE-2025-24816
Technical details about CVE-2025-24816 are not publicly available in the provided documents; monitor for updates from Nokia and vulnerability databases.
ROS-20260617-73-0021
The vulnerability of the console-based graphic editor ImageMagick is related to deficiencies in pathname restrictions for the directory. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...
ROS-20260617-73-0022
The vulnerability of the console-based graphic editor ImageMagick is related to deficiencies in pathname restrictions for the directory. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...
ROS-20260617-73-0027
The vulnerability of the msl.c component in the console-based image editing tool ImageMagick is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to gain access to confidential data or cause service interruptions...
CVE-2026-2401
CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker...
CVE-2026-34296
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2024-36315
Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confidentiality...
CVE-2026-45679
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate...
ROS-20260529-73-0020
The vulnerability of the cURL command-line utility lies in the use of an uninitialized resource. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
Astra Linux – Vulnerability in usbutils
The vulnerability of the readlinkrecursive function in the USBUtils utility is related to buffer overflow on the stack. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the console-based graphic editor ImageMagick, related to deficiencies in pathname restrictions for directories, allows attackers to gain access to confidential data.
The vulnerability of the console-based graphic editor ImageMagick is related to deficiencies in pathname restrictions for the directory. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...
The vulnerability of the msl.c component in the console-based image editing tool ImageMagick allows a hacker to gain access to confidential data or cause a service failure.
The vulnerability of the msl.c component in the console-based image editing tool ImageMagick is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to gain access to confidential data or cause service interruptions...
CVE-2026-44874 Authenticated Arbitrary File Download via AOS-10 Web-Based Management Interface
A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system...
CVE-2026-44874
A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system...
ROS-20260505-73-0013
A vulnerability in the http.cookies library of the Python programming language interpreter CPython is related to improper encoding or escaping of output data. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality and integrity of protected information...
ConnectWise ScreenConnect Path Traversal Vulnerability
ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems...
EUVD-2026-24447
Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft component: Research Tracking. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise ...
CVE-2026-34299
Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft component: Work Order Management. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...