Total
348 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38213 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-10-28 | N/A | 6.5 MEDIUM |
| Windows Mark of the Web Security Feature Bypass Vulnerability | |||||
| CVE-2024-38217 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-28 | N/A | 5.4 MEDIUM |
| Windows Mark of the Web Security Feature Bypass Vulnerability | |||||
| CVE-2025-0411 | 2 7-zip, Netapp | 2 7-zip, Active Iq Unified Manager | 2025-10-27 | N/A | 7.0 HIGH |
| 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456. | |||||
| CVE-2019-1003030 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift Container Platform | 2025-10-24 | 6.5 MEDIUM | 9.9 CRITICAL |
| A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM. | |||||
| CVE-2013-2465 | 3 Oracle, Sun, Suse | 6 Jre, Jre, Linux Enterprise Desktop and 3 more | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D. | |||||
| CVE-2013-0431 | 1 Oracle | 2 Jre, Openjdk | 2025-10-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. | |||||
| CVE-2025-0277 | 1 Hcltech | 2 Bigfix Mobile, Bigfix Modern Client Management | 2025-10-21 | N/A | 6.5 MEDIUM |
| HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content. | |||||
| CVE-2025-0276 | 1 Hcltech | 2 Bigfix Mobile, Bigfix Modern Client Management | 2025-10-21 | N/A | 6.5 MEDIUM |
| HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content. | |||||
| CVE-2025-43296 | 1 Apple | 1 Macos | 2025-10-20 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks. | |||||
| CVE-2025-52615 | 1 Hcltech | 1 Unica | 2025-10-20 | N/A | 3.5 LOW |
| HCL Unica Platform is impacted by misconfigured security related HTTP headers. This can lead to less secure browser default treatment for the policies controlled by these headers. | |||||
| CVE-2025-50897 | 1 Boom-core | 1 Boomv | 2025-10-17 | N/A | 4.3 MEDIUM |
| A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translations configured with write permissions (PTE_W) in SV39 mode may incorrectly trigger a Store/AMO access fault during store instructions (sd). This occurs despite the presence of proper page table entries and valid memory access modes. The fault is reproducible when transitioning into virtual memory and attempting store operations in mapped kernel memory, indicating a potential flaw in the MMU, PMP, or memory access enforcement logic. This may cause unexpected kernel panics or denial of service in systems using BOOMv1.2. | |||||
| CVE-2024-34144 | 1 Jenkins | 1 Script Security | 2025-10-10 | N/A | 9.8 CRITICAL |
| A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | |||||
| CVE-2025-54917 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-02 | N/A | 4.3 MEDIUM |
| Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | |||||
| CVE-2025-37124 | 2025-09-17 | N/A | 8.6 HIGH | ||
| A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Successful exploitation could allow an attacker to route potentially harmful traffic through the internal network, leading to unauthorized access or disruption of services. | |||||
| CVE-2025-0089 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48522 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48546 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-20347 | 1 Cisco | 1 Nexus Dashboard | 2025-09-08 | N/A | 5.4 MEDIUM |
| A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit th vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions, such as accessing sensitive information regarding HTTP Proxy and NTP configurations, uploading images, and damaging image files on an affected device. | |||||
| CVE-2025-26443 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.3 HIGH |
| In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-26444 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is forcibly stopped due to a logic error in the code. This could lead to local escalation of privilege where the default assistant app is automatically granted ROLE_ASSISTANT with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||