Total
21 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58290 | 1 Huawei | 1 Harmonyos | 2025-10-16 | N/A | 3.3 LOW |
| Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-54107 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-02 | N/A | 4.3 MEDIUM |
| Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | |||||
| CVE-2025-43298 | 1 Apple | 1 Macos | 2025-09-17 | N/A | 7.8 HIGH |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges. | |||||
| CVE-2024-6839 | 1 Flask-cors Project | 1 Flask-cors | 2025-08-01 | N/A | 5.3 MEDIUM |
| corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex pattern priority allows unauthorized cross-origin access to sensitive data or functionality, potentially exposing confidential information and increasing the risk of unauthorized actions by malicious actors. | |||||
| CVE-2025-24470 | 1 Fortinet | 1 Fortiportal | 2025-07-22 | N/A | 8.6 HIGH |
| An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests. | |||||
| CVE-2025-21247 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-03 | N/A | 4.3 MEDIUM |
| Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | |||||
| CVE-2024-8765 | 1 Lunary | 1 Lunary | 2025-07-02 | N/A | 7.3 HIGH |
| In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the path. As a result, attackers can obtain and modify sensitive data and utilize other organizations' resources without proper authentication. | |||||
| CVE-2025-0115 | 2025-03-15 | N/A | N/A | ||
| A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly reduce the risk of this issue by restricting access to the management interface to only trusted users and internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access. | |||||
| CVE-2023-46169 | 1 Ibm | 2 Ds8900f, Ds8900f Firmware | 2025-03-11 | N/A | 6.5 MEDIUM |
| IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily delete a file. IBM X-Force ID: 269406. | |||||
| CVE-2025-21269 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-27 | N/A | 4.3 MEDIUM |
| Windows HTML Platforms Security Feature Bypass Vulnerability | |||||
| CVE-2025-21268 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-27 | N/A | 4.3 MEDIUM |
| MapUrlToZone Security Feature Bypass Vulnerability | |||||
| CVE-2025-21219 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-27 | N/A | 4.3 MEDIUM |
| MapUrlToZone Security Feature Bypass Vulnerability | |||||
| CVE-2025-21189 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-27 | N/A | 4.3 MEDIUM |
| MapUrlToZone Security Feature Bypass Vulnerability | |||||
| CVE-2025-21329 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-22 | N/A | 4.3 MEDIUM |
| MapUrlToZone Security Feature Bypass Vulnerability | |||||
| CVE-2025-21328 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-22 | N/A | 4.3 MEDIUM |
| MapUrlToZone Security Feature Bypass Vulnerability | |||||
| CVE-2025-21332 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-21 | N/A | 4.3 MEDIUM |
| MapUrlToZone Security Feature Bypass Vulnerability | |||||
| CVE-2024-30036 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2025-01-08 | N/A | 6.5 MEDIUM |
| Windows Deployment Services Information Disclosure Vulnerability | |||||
| CVE-2023-36396 | 1 Microsoft | 2 Windows 11 22h2, Windows 11 23h2 | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Compressed Folder Remote Code Execution Vulnerability | |||||
| CVE-2022-0855 | 1 Microweber | 1 Whmcs | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4. | |||||
| CVE-2024-30073 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-09-23 | N/A | 7.8 HIGH |
| Windows Security Zone Mapping Security Feature Bypass Vulnerability | |||||