MINI-PR33-6JM9-34WX
Bulletin has no description...
CVE-2025-48913
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8...
CVE-2025-4425
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...
PT-2025-31366 · Lenovo +1 · Lenovo +1
Name of the Vulnerable Software and Affected Versions: InsydeH2O firmware for Lenovo affected versions not specified Description: A high-severity stack overflow exists in InsydeH2O firmware used in Lenovo products. Local attackers with privileges could potentially gain deep system control...
PT-2025-31365 · Lenovo · Lenovo
Name of the Vulnerable Software and Affected Versions: Lenovo affected versions not specified Description: The issue was identified in code developed specifically for Lenovo. For more information, refer to the "Lenovo Product Security Advisories and Announcements" webpage. Recommendations: At the...
PT-2025-31367 · Lenovo · Lenovo
Name of the Vulnerable Software and Affected Versions: Lenovo affected versions not specified Description: The issue was identified in custom firmware developed for Lenovo devices. Additional information is available on the Lenovo Product Security Advisories and Announcements webpage...
CVE-2025-54439
CVE-2025-54439 affects Samsung Electronics MagicINFO 9 Server. The vulnerability is an Unrestricted Upload of File with Dangerous Type that enables remote code execution by uploading arbitrarily crafted files. Public details indicate impact on MagicINFO 9 Server versions prior to 21.1080.0. A rem...
Security Bulletin: AIX/VIOS is vulnerable to arbitrary code execution (CVE-2025-3277, CVE-2025-29087) and denial of service (CVE-2025-29088) due to RPM
Summary: Vulnerabilities in RPM could allow an attacker to execute arbitrary code (CVE-2025-3277, CVE-2025-29087) or cause a denial of service (CVE-2025-29088). RPM is used by AIX for package management. Vulnerability Details: CVEID: CVE-2025-3277 DESCRIPTION: An integer overflow can be triggered in...
CVE-2025-48809
Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally...
Windows Kernel Information Disclosure Vulnerability
Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally...
MAL-2025-5050 Malicious code in react-card-security-code (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1ee206260c832fcc9736dc58bdd69c339579082e7216fd531b76689c04730e5 Any computer that has this package installed or running should be considered...
CVE-2024-36250
Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the MFA code against replay attacks, which allows an attacker to reuse the MFA code within 30 seconds...
CVE-2023-31763
Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack...
CVE-2023-42787
A client-side enforcement of server-side security CWE-602 vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution...
CVE-2020-11177
User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon...
PT-2025-20074 · Lemesconsultoria · Lemesconsultoria Hcm Galera.App
Name of the Vulnerable Software and Affected Versions: lemesconsultoria HCM galera.app version 4.58.0 Description: The issue allows an attacker to execute arbitrary code via multiple API endpoints, including "/ted/solicitacao treinamento/", "/rh/metas/perspectiva estrategica/edicao/",...
CGA-7HV3-6GVW-JFJ8
Bulletin has no description...
MAL-2025-2823 Malicious code in @uniqa/security-code-ms-api (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-23970 ChargePoint Home Flex Improper Certificate Validation
This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue...