CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. |
EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. |
Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is fixed in Vault Community 1.19.3 and Vault Enterprise 1.19.3, 1.18.9, 1.17.16, 1.16.20. |
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device.
The vulnerability exists because confidential information is being included in HTTP requests that are exchanged between the user and the device. An attacker could exploit this vulnerability by looking at the raw HTTP requests that are sent to the interface. A successful exploit could allow the attacker to obtain some of the passwords that are configured throughout the interface. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. |
Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module.
Impact: Successful exploitation of this vulnerability may affect availability. |
Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module.
Impact: Successful exploitation of this vulnerability may affect availability. |
Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module.
Impact: Successful exploitation of this vulnerability may affect availability. |
MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal the names of private projects by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f`, which has been included in release `2.25.8`. Users are advised to upgrade. Users unable to upgrade should disable wiki integration (`$g_wiki_enable = OFF;`). |
Transient DOS in Multi-Mode Call Processor while processing UE policy container. |
Memory corruption in Core Services while executing the command for removing a single event listener. |
Memory corruption while taking snapshot when an offset variable is set by camera driver. |
Transient DOS while decoding message of size that exceeds the available system memory. |
Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. |
Transient DOS in Modem after RRC Setup message is received. |
Memory corruption while triggering commands in the PlayReady Trusted application. |
Memory Corruption in Core during syscall for Sectools Fuse comparison feature. |
Information disclosure may occur due to improper permission and access controls to Video Analytics engine. |
Transient DOS while processing PDU Release command with a parameter PDU ID out of range. |
Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. |
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.22.1 via a misconfigured capability check in the 'permissionsCheck' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including reports detailing donors and donation amounts. |