| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-26176 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26174 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26173 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26172 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26171 | Hig | 0.42 | 7.5 | 0.02 | Apr 14, 2026 | Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. | ||
| CVE-2026-26170 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26168 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26167 | Hig | 0.57 | 8.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26166 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Double free in Windows Shell allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26165 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26163 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26162 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26161 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26160 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26159 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26156 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-26154 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2026 | Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network. | ||
| CVE-2026-26153 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26152 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26151 | Hig | 0.46 | 7.1 | 0.01 | Apr 14, 2026 | Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2026-26143 | Hig | 0.51 | 7.8 | 0.01 | Apr 14, 2026 | Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally. | ||
| CVE-2026-25184 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-23666 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2026 | Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network. | ||
| CVE-2026-23657 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-20930 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-0207 | — | Hig | 0.55 | — | 0.00 | Apr 14, 2026 | A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions. | |
| CVE-2026-34622 | Hig | 0.56 | 8.6 | 0.00 | Apr 14, 2026 | Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current… | ||
| CVE-2026-27291 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | ||
| CVE-2026-27284 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the… | ||
| CVE-2026-27283 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||
| CVE-2026-27238 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2026-39815 | Hig | 0.57 | 8.8 | 0.00 | Apr 14, 2026 | A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or commands via sending crafted HTTP requests | ||
| CVE-2026-38532 | Hig | 0.53 | 8.1 | 0.00 | Apr 14, 2026 | A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via supplying a crafted GET request. | ||
| CVE-2026-38530 | Hig | 0.53 | 8.1 | 0.00 | Apr 14, 2026 | A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request. | ||
| CVE-2026-38529 | Hig | 0.57 | 8.8 | 0.01 | Apr 14, 2026 | A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request. | ||
| CVE-2026-38528 | Hig | 0.46 | 7.1 | 0.00 | Apr 14, 2026 | Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDataGrid.php. | ||
| CVE-2026-38527 | Hig | 0.55 | 8.5 | 0.00 | Apr 14, 2026 | A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request. | ||
| CVE-2026-23708 | Hig | 0.49 | 7.5 | 0.00 | Apr 14, 2026 | A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via… | ||
| CVE-2026-22828 | Hig | 0.53 | 8.1 | 0.01 | Apr 14, 2026 | A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation… | ||
| CVE-2025-61848 | Hig | 0.47 | 7.2 | 0.01 | Apr 14, 2026 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0… | ||
| CVE-2026-4369 | Hig | 0.46 | 7.1 | 0.00 | Apr 14, 2026 | A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage… | ||
| CVE-2026-4345 | Hig | 0.46 | 7.1 | 0.00 | Apr 14, 2026 | A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary… | ||
| CVE-2026-4344 | Hig | 0.46 | 7.1 | 0.00 | Apr 14, 2026 | A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this… | ||
| CVE-2025-7389 | — | Hig | 0.53 | — | 0.00 | Apr 14, 2026 | A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users… | |
| CVE-2026-2450 | — | Hig | 0.48 | — | 0.00 | Apr 14, 2026 | .NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0. | |
| CVE-2026-2332 | Hig | 0.48 | 7.4 | 0.01 | Apr 14, 2026 | In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html * https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty… | ||
| CVE-2026-33892 | Hig | 0.46 | 7.1 | 0.00 | Apr 14, 2026 | A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Management Virtual (All versions >= V2.2.0 < V2.8.0). Affected management systems do… | ||
| CVE-2026-31923 | Hig | 0.42 | 7.5 | 0.00 | Apr 14, 2026 | Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to `ssl_verify` in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. Users are recommended to upgrade… | ||
| CVE-2026-27668 | Hig | 0.57 | 8.8 | 0.00 | Apr 14, 2026 | A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and… | ||
| CVE-2026-25654 | — | Hig | 0.57 | 8.8 | 0.00 | Apr 14, 2026 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the… |
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- risk 0.42cvss 7.5epss 0.02
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
- risk 0.51cvss 7.8epss 0.00
Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.57cvss 8.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Double free in Windows Shell allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.
- risk 0.49cvss 7.5epss 0.01
Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.
- risk 0.51cvss 7.8epss 0.00
Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.1epss 0.01
Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.
- risk 0.51cvss 7.8epss 0.01
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally.
- risk 0.49cvss 7.5epss 0.01
Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
- risk 0.55cvss —epss 0.00
A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions.
- risk 0.56cvss 8.6epss 0.00
Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current…
- risk 0.51cvss 7.8epss 0.00
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- risk 0.51cvss 7.8epss 0.00
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the…
- risk 0.51cvss 7.8epss 0.00
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- risk 0.51cvss 7.8epss 0.00
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.57cvss 8.8epss 0.00
A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or commands via sending crafted HTTP requests
- risk 0.53cvss 8.1epss 0.00
A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via supplying a crafted GET request.
- risk 0.53cvss 8.1epss 0.00
A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request.
- risk 0.57cvss 8.8epss 0.01
A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request.
- risk 0.46cvss 7.1epss 0.00
Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDataGrid.php.
- risk 0.55cvss 8.5epss 0.00
A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request.
- risk 0.49cvss 7.5epss 0.00
A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via…
- risk 0.53cvss 8.1epss 0.01
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation…
- risk 0.47cvss 7.2epss 0.01
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0…
- risk 0.46cvss 7.1epss 0.00
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage…
- risk 0.46cvss 7.1epss 0.00
A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary…
- risk 0.46cvss 7.1epss 0.00
A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this…
- risk 0.53cvss —epss 0.00
A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users…
- risk 0.48cvss —epss 0.00
.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0.
- risk 0.48cvss 7.4epss 0.01
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html * https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty…
- risk 0.46cvss 7.1epss 0.00
A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Management Virtual (All versions >= V2.2.0 < V2.8.0). Affected management systems do…
- risk 0.42cvss 7.5epss 0.00
Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to `ssl_verify` in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. Users are recommended to upgrade…
- risk 0.57cvss 8.8epss 0.00
A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and…
- risk 0.57cvss 8.8epss 0.00
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the…