EUVD-2025-208329

An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...

CVE-2025-34224

Vasion Print (formerly PrinterLogic) Virtual Appliance Host (VA) and Application (VA/SaaS deployments) are affected. Prior to versions 22.0.1049 (Host) and 20.0.2786 (Application) expose PHP scripts under the console_release directory without authentication. An unauthenticated attacker can invoke...

CVE-2025-34204 Vasion Print (formerly PrinterLogic) Processes Running as Root Inside Docker Instances

Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA and SaaS deployments contains multiple Docker containers that run primary application processes for example PHP workers, Node.js servers and custom binaries as the root user. This increases the blast radius of a containe...

Update Rollup 8 for System Center 2016 Virtual Machine Manager

Update Rollup 8 for System Center 2016 Virtual Machine Manager Introduction This article describes the issues that are fixed in Update Rollup 8 for Microsoft System Center 2016 Virtual Machine Manager. Two updates are available for Virtual Machine Manager, one for the Virtual Machine Manager serv...

Information Disclosure

puppet-swift is vulnerable to information-disclosure. The vulnerability is possible as it has a flaw in the service deployment and leaves the proxy-server.conf file with world-readable permissions...