Development

CVE ID : CVE-2025-26847

Published : May 8, 2025, 5:16 p.m. | 2 hours, 21 minutes ago

Description : An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.

Severity: 9.1 | CRITICAL

CVE ID : CVE-2024-13009

Published : May 8, 2025, 6:15 p.m. | 1 hour, 22 minutes ago

Description : In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.

Severity: 7.2 | HIGH

CVE ID : CVE-2025-1948

Published : May 8, 2025, 6:15 p.m. | 1 hour, 22 minutes ago

Description : In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE.
The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in OutOfMemoryError being thrown, or even the JVM process exiting.

Severity: 7.5 | HIGH

CVE ID : CVE-2025-4098

Published : May 8, 2025, 6:15 p.m. | 1 hour, 22 minutes ago

Description : Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected installations of Cscape.

Severity: 0.0 | NA

CVE ID : CVE-2025-30101

Published : May 8, 2025, 6:15 p.m. | 1 hour, 22 minutes ago

Description : Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to denial of service and information tampering.

Severity: 4.4 | MEDIUM

CVE ID : CVE-2025-30102

Published : May 8, 2025, 6:15 p.m. | 1 hour, 22 minutes ago

Description : Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to denial of service.

Severity: 5.5 | MEDIUM

CVE ID : CVE-2024-12378

Published : May 8, 2025, 7:15 p.m. | 56 minutes ago

Description : On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.

Severity: 9.1 | CRITICAL

CVE ID : CVE-2024-11186

Published : May 8, 2025, 7:15 p.m. | 56 minutes ago

Description : On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service.

Severity: 10.0 | CRITICAL

CVE ID : CVE-2025-0505

Published : May 8, 2025, 7:16 p.m. | 56 minutes ago

Description : On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.

Severity: 10.0 | CRITICAL

CVE ID : CVE-2024-8100

Published : May 8, 2025, 7:16 p.m. | 21 minutes ago

Description : On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.

Severity: 8.7 | HIGH

CVE ID : CVE-2025-27695

Published : May 8, 2025, 7:16 p.m. | 21 minutes ago

Description : Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.

Severity: 4.9 | MEDIUM

SonicWall urges admins to patch VPN flaw exploited in attacks

SonicWall has urged its customers to patch three security vulnerabilities affecting its Secure Mobile Access (SMA) appliances, one of them tagged as exploited in attacks.
Discovered and reported by Ra …

Published Date:
May 08, 2025 (4 hours, 29 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-32821

CVE-2025-32820

CVE-2025-32819

CVE-2024-38475

CVE-2023-44221

CVE-2021-20035

Samsung MagicINFO 9 servers targeted by botnet, update not available

Attackers are actively exploiting a vulnerability in Samsung MagicINFO 9 and a security update is not available. Organizations that use the solution are advised to … their system …

Published Date:
May 08, 2025 (4 hours, 5 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-7399

SonicWall vulnerability that causes a factory reset possibly exploited in attacks

A vulnerability in SonicWall SMA 100 gateways that can cause a factory reset may have been exploited in attacks, security firm Rapid7 reports. SonicWall released updates yesterday …

Published Date:
May 08, 2025 (3 hours, 30 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-32820

CVE-2025-32819

CVE-2025-3282

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819)

SonicWall has fixed multiple vulnerabilities affecting its SMA100 Series devices, one of which (CVE-2025-32819) appears to be a patch bypass for an arbitrary file delete vulnerability that was exploit …

Published Date:
May 08, 2025 (3 hours, 21 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-32821

CVE-2025-32820

CVE-2025-32819

CVE-2025-27363

CVE-2024-38475

CVE-2023-44221

CVE-2021-20035

Researchers Details macOS Remote Code Execution Vulnerability – CVE-2024-44236

A critical remote code execution vulnerability identified in Apple’s macOS operating system, tracked as CVE-2024-44236. The vulnerability, which carries a high CVSS score of 7.8, could allow attackers …

Published Date:
May 08, 2025 (3 hours, 17 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-44236

CISA Adds GeoVision Vulnerabilities to KEV Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities affecting GeoVision surveillance devices to its Known Exploited Vulnerabilities (KEV) Catalog, citing …

Published Date:
May 08, 2025 (3 hours, 1 minute ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-27363

CVE-2024-11120

CVE-2024-6047

Radware Cloud Web App Firewall Vulnerability Let Attackers Bypass Filters

Security researchers have uncovered critical vulnerabilities in Radware’s Cloud Web Application Firewall (WAF) that could allow attackers to completely bypass security filters, potentially exposing un …

Published Date:
May 08, 2025 (2 hours, 20 minutes ago)

Vulnerabilities have been mentioned in this article.

Ubiquiti UniFi Protect Camera Vulnerability Allows Remote Code Execution

A critical security vulnerability in Ubiquiti UniFi Protect Cameras could allow attackers to execute arbitrary code remotely.
The flaw, which received the highest possible CVSS score of 10.0, affects …

Published Date:
May 08, 2025 (2 hours, 6 minutes ago)

Vulnerabilities have been mentioned in this article.

IXON VPN Client Vulnerability Let Attackers Escalate Privileges

Significant vulnerabilities in the IXON VPN Client allow local attackers to gain system-level privileges on Windows, Linux, and macOS systems.
The flaws, tracked as CVE-2025-26168 and CVE-2025-26169, …

Published Date:
May 08, 2025 (2 hours, 4 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-26169

CVE-2025-26168

CVE-2024-44236