Common Vulnerabilities and Exposures (CVEs)

CVE ID : CVE-2025-4692

Published : May 23, 2025, 12:15 a.m. | 35 minutes ago

Description : Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by the

ABUP Cloud Update Platform.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48372

Published : May 22, 2025, 9:15 p.m. | 1 hour, 36 minutes ago

Description : Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only 9000 possible combinations. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms. Version 1.0.1 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48373

Published : May 22, 2025, 9:15 p.m. | 1 hour, 36 minutes ago

Description : Schule is open-source school management system software. The application relies on client-side JavaScript (index.js) to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk because it assumes that the value of data.role is trustworthy on the client side. Attackers can manipulate JavaScript in the browser (e.g., via browser dev tools or intercepting API responses) and set data.role to any arbitrary value (e.g., “admin”), gaining unauthorized access to restricted areas of the application.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48374

Published : May 22, 2025, 9:15 p.m. | 1 hour, 36 minutes ago

Description : zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f), when using Keycloak as an oidc provider, the clientsecret gets printed into the container stdout logs for an example at container startup. Version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f) fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47181

Published : May 22, 2025, 10:15 p.m. | 36 minutes ago

Description : Improper link resolution before file access (‘link following’) in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4975

Published : May 22, 2025, 10:15 p.m. | 36 minutes ago

Description : When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-13953

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-13954

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : Serialized configuration information may be disclosed during device commissioning while using ASPECT’s configuration toolsetThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-13956

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

Severity: 6.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-13957

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-13958

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator creden-tials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-40458

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-40459

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-40460

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-40461

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-41196

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : An issue in Ocuco Innovation – REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-41197

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : An issue in Ocuco Innovation – INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-41198

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : An issue in Ocuco Innovation – REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-41199

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : An issue in Ocuco Innovation – JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-41195

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : An issue in Ocuco Innovation – INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…