Lucene search
K
RedhatcveRecent

206406 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.8 views

CVE-2025-31974

HCL BigFix Service Management SM is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes...

7.2CVSS5.5AI score0.00178EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-31975

HCL BigFix Service Management SM is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities...

5.3CVSS5.5AI score0.00172EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-31957

HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...

5.7CVSS5.5AI score0.00095EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-31984

HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...

5.4CVSS5.4AI score0.00135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-15609

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...

7.5CVSS5.5AI score0.00404EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.12 views

CVE-2025-31982

HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...

6.5CVSS5.4AI score0.00153EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-15638

Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and CVE-2018-12437...

10CVSS7.2AI score0.0057EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-13030

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...

9.8CVSS6.2AI score0.00308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.13 views

CVE-2025-66769

A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service DoS via a crafted XFA packet...

7.5CVSS5.5AI score0.00442EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-59308

In Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution support administrator on a multi-tenanted site can masquerade as an institution member in an institution for which they are not an administrator, if they also have the 'Site staff' role...

4.7CVSS5.4AI score0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-48648

In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.6AI score0.00068EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-66170

The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and has access to specific APIs can list backups from any account in the environment...

6.5CVSS5.4AI score0.00486EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.8 views

CVE-2025-62338

HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure...

3.3CVSS5.4AI score0.001EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.8 views

CVE-2025-66954

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint...

6.5CVSS5.5AI score0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-48616

In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...

3.3CVSS5.7AI score0.00072EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-66171

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can create new VMs using backups of any other user of the...

6.5CVSS5.5AI score0.0053EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.12 views

CVE-2025-62345

HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability . A component contains a security weakness in its input handling implementation, increasing the risk of misconfiguration and operational errors...

2.7CVSS5.4AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-62309

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions...

2.6CVSS5.4AI score0.00115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.8 views

CVE-2025-62312

HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse, especially if not combined with secure transmission practices...

3CVSS5.5AI score0.00137EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-62316

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3CVSS5.5AI score0.00106EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-31959

HCL BigFix Service Management SM application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared...

3.5CVSS5.4AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-57735

When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario...

9.1CVSS5.4AI score0.00667EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-66335

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...

5.3CVSS5.8AI score0.00655EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-66660

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCHECKTACOMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior...

1.8CVSS5.5AI score0.00101EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-62233

Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version = 3.2.0 and 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class...

6.3CVSS5.4AI score0.00537EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-71217

An origin validation error vulnerability in the Trend Micro Apex One mac agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in ord...

7.8CVSS7.5AI score0.00295EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-57282

ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection...

8.8CVSS5.4AI score0.00981EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-71310

The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...

1.8CVSS5.3AI score0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-71215

A time-of-check time-of-use vulnerability in the Trend Micro Apex One mac agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...

7CVSS7.5AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-62317

HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions...

2.6CVSS5.4AI score0.00115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.8 views

CVE-2013-10075

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...

9.1CVSS5.4AI score0.00356EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.12 views

CVE-2022-26523

The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash due to a double fetch vulnerability at aswArPot+0xbb94...

5.3CVSS8.5AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2026-25680

A flaw was found in golang.org/x/net/html. A remote attacker could provide specially crafted HTML, which, when parsed by the affected component, would consume excessive CPU resources. This could lead to a Denial of Service DoS condition, making the system unavailable to legitimate users. Mitigati...

6.5CVSS6AI score0.00248EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-48431

Mismatched Memory Management Routines vulnerability in Apache Thrift cglib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash an cglib-based Thrift server...

7.5CVSS5.4AI score0.01051EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.8 views

CVE-2026-25219

The accesskey and connectionstring connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure...

6.5CVSS5.5AI score0.00552EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.8 views

CVE-2026-25110

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...

3.3CVSS5.4AI score0.0012EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2026-25681

A flaw was found in golang.org/x/net/html. A remote attacker could exploit this vulnerability by providing specially crafted HTML. When this arbitrary HTML is parsed and rendered, it can result in an unexpected HTML tree, bypassing input sanitization. This can be leveraged to execute Cross-Site...

8.1CVSS6.5AI score0.00178EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2022-26522

The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash due to a double fetch vulnerability at aswArPot+0xc4a3...

7.8CVSS8.5AI score0.00217EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2022-45899

Nokia Broadcast Message Center BMC before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field...

6.5CVSS5.5AI score0.00826EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.12 views

CVE-2026-43680

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...

7.2CVSS6AI score0.00461EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2026-43514

A flaw was found in Apache Tomcat. The AJP secret was comparable in non-constant time, allowing an attacker on the local network to mount a timing attack to determine the AJP secret, which may lead to unauthorized access or other security bypasses...

3.7CVSS5.4AI score0.00352EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.8 views

CVE-2026-25608

STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middle attack and obtain sensitive data such as passwords, personal data, or authentication tokens. This issue was fixed in version 9.5...

2.3CVSS5.5AI score0.00208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.12 views

CVE-2025-62188

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...

7.5CVSS5.3AI score0.00521EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2026-43826

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

6.5CVSS5.5AI score0.0041EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2022-23961

In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by unauthenticated remote attackers to target users of the monitoring interface...

6.1CVSS5.5AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2026-43646

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

7.5CVSS5.4AI score0.00394EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.14 views

CVE-2026-25199

Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0. The Proxmox extension for CloudStack improperly uses a user-editable instance setting, proxmoxvmid, to associate...

9.1CVSS5.4AI score0.005EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2022-23826

A TOCTOU Time-Of-Check to Time-Of-Use in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity...

1.8CVSS5.5AI score0.00082EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2026-43975

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

6.5CVSS5.5AI score0.00732EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.8 views

CVE-2026-43661

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory...

7.5CVSS5.8AI score0.00417EPSS
Exploits0References1
Total number of security vulnerabilities206406