VYPR

CVEs

1,630 total · page 6 of 33

  • CVE-2025-0108KEVFeb 12, 2025
    risk 0.20cvss epss 0.98

    An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While…

  • CVE-2025-21418KEVFeb 11, 2025
    risk 0.13cvss epss 0.01

    Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

  • CVE-2025-21391KEVFeb 11, 2025
    risk 0.12cvss epss 0.02

    Windows Storage Elevation of Privilege Vulnerability

  • CVE-2025-24472KEVFeb 11, 2025
    risk 0.19cvss epss 0.03

    An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream…

  • CVE-2025-24200MedKEVFeb 10, 2025
    risk 0.56cvss 6.1epss 0.05

    An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5. A physical attack may disable USB Restricted Mode on a locked device. Apple is…

  • CVE-2025-24016KEVFeb 10, 2025
    risk 0.23cvss epss 0.93

    Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a…

  • CVE-2025-0994KEVFeb 6, 2025
    risk 0.18cvss epss 0.27

    Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet…

  • CVE-2024-40891KEVFeb 4, 2025
    risk 0.16cvss epss 0.19

    **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on…

  • CVE-2024-40890KEVFeb 4, 2025
    risk 0.16cvss epss 0.19

    **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected…

  • CVE-2023-52163KEVFeb 3, 2025
    risk 0.18cvss epss 0.96

    Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

  • CVE-2024-57968KEVFeb 3, 2025
    risk 0.15cvss epss 0.30

    Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.

  • CVE-2025-25181KEVFeb 3, 2025
    risk 0.18cvss epss 0.50

    A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.

  • CVE-2025-24085CriKEVJan 27, 2025
    risk 0.81cvss 10.0epss 0.19

    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to…

  • CVE-2025-0411KEVJan 25, 2025
    risk 0.16cvss epss 0.67

    7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page…

  • CVE-2025-23006KEVJan 23, 2025
    risk 0.22cvss epss 0.22

    Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute…

  • CVE-2025-23209KEVJan 18, 2025
    risk 0.05cvss epss 0.05

    Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched…

  • CVE-2024-57728HigKEVJan 15, 2025
    risk 0.69cvss 7.2epss 0.08

    SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

  • CVE-2024-57726CriKEVJan 15, 2025
    risk 0.85cvss 9.9epss 0.09

    SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

  • CVE-2024-57727KEVJan 15, 2025
    risk 0.29cvss epss 0.95

    SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration…

  • CVE-2025-21334KEVJan 14, 2025
    risk 0.12cvss epss 0.02

    Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

  • CVE-2025-21333KEVJan 14, 2025
    risk 0.21cvss epss 0.10

    Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

  • CVE-2025-21335KEVJan 14, 2025
    risk 0.13cvss epss 0.01

    Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

  • CVE-2024-13159KEVJan 14, 2025
    risk 0.20cvss epss 1.00

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

  • CVE-2024-13160KEVJan 14, 2025
    risk 0.20cvss epss 0.90

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

  • CVE-2024-13161KEVJan 14, 2025
    risk 0.19cvss epss 0.89

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

  • CVE-2024-55591KEVJan 14, 2025
    risk 0.26cvss epss 0.98

    An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests…

  • CVE-2024-53704KEVJan 9, 2025
    risk 0.26cvss epss 0.95

    An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

  • CVE-2025-0282KEVJan 8, 2025
    risk 0.29cvss epss 1.00

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

  • CVE-2024-50603KEVJan 8, 2025
    risk 0.20cvss epss 0.99

    An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in…

  • CVE-2024-12987KEVDec 27, 2024
    risk 0.18cvss epss 0.98

    A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads…

  • CVE-2024-53197KEVDec 27, 2024
    risk 0.12cvss epss 0.04

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for…

  • CVE-2024-3393KEVDec 27, 2024
    risk 0.18cvss epss 0.27

    A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will…

  • CVE-2024-53150KEVDec 24, 2024
    risk 0.12cvss epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device…

  • CVE-2024-56145KEVDec 18, 2024
    risk 0.16cvss epss 0.97

    Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code…

  • CVE-2024-12686KEVDec 18, 2024
    risk 0.15cvss epss 0.14

    A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.

  • CVE-2024-12356KEVDec 17, 2024
    risk 0.23cvss epss 0.88

    A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.

  • CVE-2024-55956KEVDec 13, 2024
    risk 0.28cvss epss 0.94

    In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.

  • CVE-2024-49138KEVDec 10, 2024
    risk 0.22cvss epss 0.25

    Windows Common Log File System Driver Elevation of Privilege Vulnerability

  • CVE-2024-55550KEVDec 10, 2024
    risk 0.19cvss epss 0.38

    Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to…

  • CVE-2024-53104KEVDec 2, 2024
    risk 0.13cvss epss 0.03

    In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the…

  • CVE-2024-11667KEVNov 27, 2024
    risk 0.20cvss epss 0.03

    A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series…

  • CVE-2024-49035KEVNov 26, 2024
    risk 0.12cvss epss 0.01

    An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.

  • CVE-2024-11680KEVNov 26, 2024
    risk 0.22cvss epss 0.92

    ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration.…

  • CVE-2024-44309MedKEVNov 20, 2024
    risk 0.53cvss 6.3epss 0.21

    A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site…

  • CVE-2024-44308HigKEVNov 20, 2024
    risk 0.69cvss 8.8epss 0.09

    The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware…

  • CVE-2024-50302MedKEVNov 19, 2024
    risk 0.48cvss 5.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak…

  • CVE-2024-21287KEVNov 18, 2024
    risk 0.18cvss epss 0.01

    Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2024-9474KEVNov 18, 2024
    risk 0.29cvss epss 0.95

    A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

  • CVE-2024-0012KEVNov 18, 2024
    risk 0.29cvss epss 1.00

    An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other…

  • CVE-2024-11182KEVNov 15, 2024
    risk 0.13cvss epss 0.17

    An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window.