Search
Search Results (16 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3303 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 6.4 Medium |
| An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection. | ||||
| CVE-2024-10929 | 1 Arm | 3 Cortex-a72, Cortex-a73, Cortex-a75 | 2025-07-22 | 5.1 Medium |
| In certain circumstances, an issue in Arm Cortex-A57, Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch history. | ||||
| CVE-2025-23269 | 2025-07-17 | 4.7 Medium | ||
| NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may cause an exposure of sensitive information due to a shared microarchitectural predictor state that influences transient execution. A successful exploit of this vulnerability may lead to information disclosure. | ||||
| CVE-2024-36350 | 2025-07-10 | 5.6 Medium | ||
| A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. | ||||
| CVE-2024-36357 | 2025-07-10 | 5.6 Medium | ||
| A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries. | ||||
| CVE-2024-36348 | 2025-07-10 | 3.8 Low | ||
| A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage. | ||||
| CVE-2024-36349 | 2025-07-10 | 3.8 Low | ||
| A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage. | ||||
| CVE-2024-43420 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-05-16 | 5.6 Medium |
| Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2025-20623 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-05-16 | 5.6 Medium |
| Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2024-28956 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-05-16 | 5.6 Medium |
| Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2024-45332 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-05-16 | 5.6 Medium |
| Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2025-31363 | 2025-04-16 | 3 Low | ||
| Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performing a prompt injection in the AI plugin's Jira tool. | ||||
| CVE-2025-1774 | 2025-03-17 | N/A | ||
| Incorrect string encoding vulnerability in NASK - PIB BotSense allows injection of an additional field separator character or value in the content of some fields of the generated event. A field with additional field separator characters or values can be included in the "extraData" field.This issue affects BotSense in versions before 2.8.0. | ||||
| CVE-2024-7881 | 2025-02-06 | 5.1 Medium | ||
| An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced. | ||||
| CVE-2024-38296 | 1 Dell | 4 Edge Gateway 3200, Edge Gateway 5200, Edge Gateway 5200 Firmware and 1 more | 2025-02-04 | 6.7 Medium |
| Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. | ||||
| CVE-2024-2201 | 1 Redhat | 4 Enterprise Linux, Rhel Els, Rhel Eus and 1 more | 2025-01-09 | 4.7 Medium |
| A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems. | ||||
Page 1 of 1.