Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0411 | 2 7-zip, Netapp | 2 7-zip, Active Iq Unified Manager | 2025-10-27 | N/A | 7.0 HIGH |
|
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the ...
Show More |
|||||
| CVE-2021-35247 | 1 Solarwinds | 1 Serv-u | 2025-10-27 | 5.0 MEDIUM | 4.3 MEDIUM |
|
Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.
|
|||||
| CVE-2022-1040 | 1 Sophos | 1 Sfos | 2025-10-27 | 7.5 HIGH | 9.8 CRITICAL |
|
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
|
|||||
| CVE-2021-22506 | 1 Microfocus | 1 Access Manager | 2025-10-27 | 5.0 MEDIUM | 7.5 HIGH |
|
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.
|
|||||
| CVE-2025-55336 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-10-27 | N/A | 5.5 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2025-53070 | 1 Oracle | 1 Solaris | 2025-10-27 | N/A | 5.5 MEDIUM |
|
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Succ ...
Show More |
|||||
| CVE-2025-22175 | 1 Atlassian | 1 Jira Align | 2025-10-27 | N/A | 5.4 MEDIUM |
|
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to modify the steps of another user's private checklist.
|
|||||
| CVE-2025-55683 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-10-27 | N/A | 5.5 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2025-53782 | 1 Microsoft | 1 Exchange Server | 2025-10-27 | N/A | 8.4 HIGH |
|
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
|
|||||
| CVE-2019-1003030 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift Container Platform | 2025-10-24 | 6.5 MEDIUM | 9.9 CRITICAL |
|
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
|
|||||
| CVE-2025-52630 | 1 Hcltech | 1 Aion | 2025-10-24 | N/A | 3.7 LOW |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0.
|
|||||
| CVE-2025-52634 | 1 Hcltech | 1 Aion | 2025-10-24 | N/A | 3.7 LOW |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0.
|
|||||
| CVE-2025-52650 | 1 Hcltech | 1 Aion | 2025-10-24 | N/A | 8.2 HIGH |
|
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0
|
|||||
| CVE-2025-52635 | 1 Hcltech | 1 Aion | 2025-10-24 | N/A | 3.7 LOW |
|
A
rusted types in scripts not enforced in CSP vulnerability has been identified
in HCL AION.This issue affects AION: 2.0.
|
|||||
| CVE-2022-49698 | 1 Linux | 1 Linux Kernel | 2025-10-24 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: use get_random_u32 instead of prandom
bh might occur while updating per-cpu rnd_state from user context,
ie. local_out path.
BUG: using smp_processor_id() in preemptible [00000000] code: nginx/2725
caller is nft_ng_random_eval+0x24/0x54 [nft_numgen]
Call Trace:
check_preemption_disabled+0xde/0xe0
nft_ng_random_eval+0x24/0x54 [nft_numgen]
Use the random driver instead, this also avoids need for local prandom
stat ...
Show More |
|||||
| CVE-2022-49723 | 1 Linux | 1 Linux Kernel | 2025-10-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/reset: Fix error_state_read ptr + offset use
Fix our pointer offset usage in error_state_read
when there is no i915_gpu_coredump but buf offset
is non-zero.
This fixes a kernel page fault can happen when
multiple tests are running concurrently in a loop
and one is producing engine resets and consuming
the i915 error_state dump while the other is
forcing full GT resets. (takes a while to trigger).
The dmesg call trac ...
Show More |
|||||
| CVE-2022-49725 | 1 Linux | 1 Linux Kernel | 2025-10-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix call trace in setup_tx_descriptors
After PF reset and ethtool -t there was call trace in dmesg
sometimes leading to panic. When there was some time, around 5
seconds, between reset and test there were no errors.
Problem was that pf reset calls i40e_vsi_close in prep_for_reset
and ethtool -t calls i40e_vsi_close in diag_test. If there was not
enough time between those commands the second i40e_vsi_close starts
before ...
Show More |
|||||
| CVE-2022-49732 | 1 Linux | 1 Linux Kernel | 2025-10-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
sock: redo the psock vs ULP protection check
Commit 8a59f9d1e3d4 ("sock: Introduce sk->sk_prot->psock_update_sk_prot()")
has moved the inet_csk_has_ulp(sk) check from sk_psock_init() to
the new tcp_bpf_update_proto() function. I'm guessing that this
was done to allow creating psocks for non-inet sockets.
Unfortunately the destruction path for psock includes the ULP
unwind, so we need to fail the sk_psock_init() itself.
Otherw ...
Show More |
|||||
| CVE-2025-9068 | 1 Rockwellautomation | 1 Factorytalk Linx | 2025-10-24 | N/A | 7.8 HIGH |
|
A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File (MSI) repair functionality, installed with FTLinx. Authenticated attackers with valid Windows Users credentials can initiate a repair and hijack the resulting console window for vbpinstall.exe. This allows the launching of a command prompt running with SYSTEM-level privileges, allowing full access to all files, processes, and system resources.
|
|||||
| CVE-2022-49709 | 1 Linux | 1 Linux Kernel | 2025-10-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle
RCU_NONIDLE usage during __cfi_slowpath_diag can result in an invalid
RCU state in the cpuidle code path:
WARNING: CPU: 1 PID: 0 at kernel/rcu/tree.c:613 rcu_eqs_enter+0xe4/0x138
...
Call trace:
rcu_eqs_enter+0xe4/0x138
rcu_idle_enter+0xa8/0x100
cpuidle_enter_state+0x154/0x3a8
cpuidle_enter+0x3c/0x58
do_idle.llvm.6590768638138871020+0x1f4/0x2ec
...
Show More |
|||||
| CVE-2022-49710 | 1 Linux | 1 Linux Kernel | 2025-10-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
dm mirror log: round up region bitmap size to BITS_PER_LONG
The code in dm-log rounds up bitset_size to 32 bits. It then uses
find_next_zero_bit_le on the allocated region. find_next_zero_bit_le
accesses the bitmap using unsigned long pointers. So, on 64-bit
architectures, it may access 4 bytes beyond the allocated size.
Fix this bug by rounding up bitset_size to BITS_PER_LONG.
This bug was found by running the lvm2 testsuit ...
Show More |
|||||
| CVE-2022-49721 | 1 Linux | 1 Linux Kernel | 2025-10-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
arm64: ftrace: consistently handle PLTs.
Sometimes it is necessary to use a PLT entry to call an ftrace
trampoline. This is handled by ftrace_make_call() and ftrace_make_nop(),
with each having *almost* identical logic, but this is not handled by
ftrace_modify_call() since its introduction in commit:
3b23e4991fb66f6d ("arm64: implement ftrace with regs")
Due to this, if we ever were to call ftrace_modify_call() for a calls ...
Show More |
|||||
| CVE-2022-49663 | 1 Linux | 1 Linux Kernel | 2025-10-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()
Recently added debug in commit f9aefd6b2aa3 ("net: warn if mac header
was not set") caught a bug in skb_tunnel_check_pmtu(), as shown
in this syzbot report [1].
In ndo_start_xmit() paths, there is really no need to use skb->mac_header,
because skb->data is supposed to point at it.
[1] WARNING: CPU: 1 PID: 8604 at include/linux/skbuff.h:2784 skb_mac_header_le ...
Show More |
|||||
| CVE-2022-49672 | 1 Linux | 1 Linux Kernel | 2025-10-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: tun: unlink NAPI from device on destruction
Syzbot found a race between tun file and device destruction.
NAPIs live in struct tun_file which can get destroyed before
the netdev so we have to del them explicitly. The current
code is missing deleting the NAPI if the queue was detached
first.
|
|||||
| CVE-2022-49673 | 1 Linux | 1 Linux Kernel | 2025-10-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
dm raid: fix KASAN warning in raid5_add_disks
There's a KASAN warning in raid5_add_disk when running the LVM testsuite.
The warning happens in the test
lvconvert-raid-reshape-linear_to_raid6-single-type.sh. We fix the warning
by verifying that rdev->saved_raid_disk is within limits.
|
|||||
| CVE-2022-49691 | 1 Linux | 1 Linux Kernel | 2025-10-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
erspan: do not assume transport header is always set
Rewrite tests in ip6erspan_tunnel_xmit() and
erspan_fb_xmit() to not assume transport header is set.
syzbot reported:
WARNING: CPU: 0 PID: 1350 at include/linux/skbuff.h:2911 skb_transport_header include/linux/skbuff.h:2911 [inline]
WARNING: CPU: 0 PID: 1350 at include/linux/skbuff.h:2911 ip6erspan_tunnel_xmit+0x15af/0x2eb0 net/ipv6/ip6_gre.c:963
Modules linked in:
CPU: 0 ...
Show More |
|||||
| CVE-2022-49561 | 1 Linux | 1 Linux Kernel | 2025-10-24 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack: re-fetch conntrack after insertion
In case the conntrack is clashing, insertion can free skb->_nfct and
set skb->_nfct to the already-confirmed entry.
This wasn't found before because the conntrack entry and the extension
space used to free'd after an rcu grace period, plus the race needs
events enabled to trigger.
|
|||||
| CVE-2025-22168 | 1 Atlassian | 1 Jira Align | 2025-10-24 | N/A | 4.3 MEDIUM |
|
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read the steps of another user's private checklist.
|
|||||
| CVE-2025-55679 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-10-24 | N/A | 5.1 MEDIUM |
|
Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally.
|
|||||
| CVE-2019-1003029 | 2 Jenkins, Redhat | 2 Script Security, Openshift Container Platform | 2025-10-24 | 6.5 MEDIUM | 9.9 CRITICAL |
|
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.
|
|||||
| CVE-2023-28432 | 1 Minio | 1 Minio | 2025-10-24 | N/A | 7.5 HIGH |
|
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY`
and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
|
|||||
| CVE-2022-43939 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2025-10-24 | N/A | 8.6 HIGH |
|
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.
|
|||||
| CVE-2025-54290 | 2 Canonical, Linux | 2 Lxd, Linux Kernel | 2025-10-24 | N/A | 5.3 MEDIUM |
|
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.
|
|||||
| CVE-2018-17463 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2025-10-24 | 6.8 MEDIUM | 8.8 HIGH |
|
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
|
|||||
| CVE-2022-2856 | 5 Apple, Fedoraproject, Google and 2 more | 6 Macos, Fedora, Android and 3 more | 2025-10-24 | N/A | 6.5 MEDIUM |
|
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.
|
|||||
| CVE-2025-2783 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-10-24 | N/A | 8.3 HIGH |
|
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
|
|||||
| CVE-2024-24919 | 1 Checkpoint | 5 Cloudguard Network Security, Quantum Security Gateway, Quantum Security Gateway Firmware and 2 more | 2025-10-24 | N/A | 8.6 HIGH |
|
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
|
|||||
| CVE-2023-4966 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2025-10-24 | N/A | 9.4 CRITICAL |
|
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
|
|||||
| CVE-2019-11580 | 1 Atlassian | 1 Crowd | 2025-10-24 | 7.5 HIGH | 9.8 CRITICAL |
|
Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before ...
Show More |
|||||
| CVE-2023-22515 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-10-24 | N/A | 9.8 CRITICAL |
|
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this ...
Show More |
|||||