Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21247 | 2025-03-23 | 4.3 Medium | ||
| Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2024-6839 | 2025-03-20 | N/A | ||
| corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex pattern priority allows unauthorized cross-origin access to sensitive data or functionality, potentially exposing confidential information and increasing the risk of unauthorized actions by malicious actors. | ||||
| CVE-2024-8765 | 2025-03-20 | N/A | ||
| In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the path. As a result, attackers can obtain and modify sensitive data and utilize other organizations' resources without proper authentication. | ||||
| CVE-2025-0115 | 1 Paloaltonetworks | 1 Pan-os | 2025-03-17 | N/A |
| A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly reduce the risk of this issue by restricting access to the management interface to only trusted users and internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access. | ||||
| CVE-2023-46169 | 1 Ibm | 2 Ds8900f, Ds8900f Firmware | 2025-03-11 | 6.5 Medium |
| IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily delete a file. IBM X-Force ID: 269406. | ||||
| CVE-2025-21332 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-21 | 4.3 Medium |
| MapUrlToZone Security Feature Bypass Vulnerability | ||||
| CVE-2025-21189 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-21 | 4.3 Medium |
| MapUrlToZone Security Feature Bypass Vulnerability | ||||
| CVE-2025-21328 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-21 | 4.3 Medium |
| MapUrlToZone Security Feature Bypass Vulnerability | ||||
| CVE-2025-21329 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-21 | 4.3 Medium |
| MapUrlToZone Security Feature Bypass Vulnerability | ||||
| CVE-2025-21219 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-02-21 | 4.3 Medium |
| MapUrlToZone Security Feature Bypass Vulnerability | ||||
| CVE-2025-21269 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-21 | 4.3 Medium |
| Windows HTML Platforms Security Feature Bypass Vulnerability | ||||
| CVE-2025-21268 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-21 | 4.3 Medium |
| MapUrlToZone Security Feature Bypass Vulnerability | ||||
| CVE-2025-24470 | 2025-02-11 | 8.1 High | ||
| AnĀ Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests. | ||||
| CVE-2024-30036 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2025-01-08 | 6.5 Medium |
| Windows Deployment Services Information Disclosure Vulnerability | ||||
| CVE-2023-36396 | 1 Microsoft | 2 Windows 11 22h2, Windows 11 23h2 | 2025-01-01 | 7.8 High |
| Windows Compressed Folder Remote Code Execution Vulnerability | ||||
| CVE-2024-30073 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-12-31 | 7.8 High |
| Windows Security Zone Mapping Security Feature Bypass Vulnerability | ||||
| CVE-2023-27561 | 3 Debian, Linuxfoundation, Redhat | 5 Debian Linux, Runc, Enterprise Linux and 2 more | 2024-12-06 | 7 High |
| runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. | ||||
| CVE-2022-0855 | 1 Microweber | 1 Whmcs | 2024-11-21 | 6.1 Medium |
| Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4. | ||||
| CVE-2019-19921 | 5 Canonical, Debian, Linuxfoundation and 2 more | 8 Ubuntu Linux, Debian Linux, Runc and 5 more | 2024-11-21 | 7.0 High |
| runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) | ||||
| CVE-2019-16884 | 6 Canonical, Docker, Fedoraproject and 3 more | 12 Ubuntu Linux, Docker, Fedora and 9 more | 2024-11-21 | 7.5 High |
| runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | ||||