| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to obtain server networking configuration details, including private and public IP addresses and DNS records. |
| Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs |
| YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission |
| YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted. |
| Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints. |
| Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again. |
| Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the exported file. |
| Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. |
| Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protected Credentials for requests to remote Excel resources. |
| Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. |
| Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data. |
| Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters. |
| Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Information Into Sent Data to authenticated users. |
| Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters. |
| Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access. |
| Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters. |
| Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this. |
| Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189. |
| A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S (Emsisoft Custom Scan) extension file. |
| The reconcile method in the AttachmentReconciler class of the Halo system v.2.20.18LTS and before is vulnerable to XSS attacks. |
