CVE tracker
356 subscribers
4.8K links
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
Download Telegram
CVE-2025-1329 - IBM CICS TX DNS Rebinding Vulnerability

CVE ID : CVE-2025-1329
Published : May 8, 2025, 10:15 p.m. | 36 minutes ago
Description : IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1330 - IBM CICS TX DNS Code Injection

CVE ID : CVE-2025-1330
Published : May 8, 2025, 10:15 p.m. | 36 minutes ago
Description : IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1  could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1331 - IBM CICS TX Buffer Overflow Vulnerability

CVE ID : CVE-2025-1331
Published : May 8, 2025, 10:15 p.m. | 36 minutes ago
Description : IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27578 - Pixmeo OsiriX MD Denial-of-Service Use-After-Free Vulnerability

CVE ID : CVE-2025-27578
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27720 - Pixmeo Osirix MD Unencrypted Credential Disclosure

CVE ID : CVE-2025-27720
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29813 - Microsoft Visual Studio Pipeline Job Token Elevation of Privilege Vulnerability

CVE ID : CVE-2025-29813
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project. To exploit this vulnerability, an attacker would first have to have access to the project and swap the short-term token for a long-term one. The update addresses the vulnerability by correcting how the Visual Studio updater handles these tokens.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29827 - Azure Automation Unprivileged Elevation of Privilege

CVE ID : CVE-2025-29827
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29972 - Azure SSRF Spoofing Vulnerability

CVE ID : CVE-2025-29972
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31946 - Pixmeo OsiriX MD Local Use After Free Vulnerability

CVE ID : CVE-2025-31946
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-33072 - Azure Azure Network Information Disclosure

CVE ID : CVE-2025-33072
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : Improper access control in Azure allows an unauthorized attacker to disclose information over a network.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47732 - Microsoft Dataverse Remote Code Execution (RCE)

CVE ID : CVE-2025-47732
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : Microsoft Dataverse Remote Code Execution Vulnerability
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47733 - Microsoft Power Apps SSRF Vulnerability

CVE ID : CVE-2025-47733
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4107 - Microsoft Windows SMB Remote Code Execution Vulnerability

CVE ID : CVE-2025-4107
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4440 - H3C GR-1800AX Buffer Overflow Vulnerability

CVE ID : CVE-2025-4440
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : A vulnerability was found in H3C GR-1800AX up to 100R008 and classified as critical. Affected by this issue is the function EnableIpv6 of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4441 - D-Link DIR-605L Remote Buffer Overflow Vulnerability

CVE ID : CVE-2025-4441
Published : May 8, 2025, 11:15 p.m. | 3 hours, 35 minutes ago
Description : A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formSetWAN_Wizard534. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4442 - D-Link DIR-605L Remote Buffer Overflow Vulnerability

CVE ID : CVE-2025-4442
Published : May 9, 2025, 12:15 a.m. | 2 hours, 36 minutes ago
Description : A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetWAN_Wizard55. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4443 - D-Link DIR-605L Remote Command Injection Vulnerability

CVE ID : CVE-2025-4443
Published : May 9, 2025, 12:15 a.m. | 2 hours, 36 minutes ago
Description : A vulnerability was found in D-Link DIR-605L 2.13B01. It has been rated as critical. This issue affects the function sub_454F2C. The manipulation of the argument sysCmd leads to command injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4445 - D-Link DIR-605L Wake-on-LAN Command Injection Vulnerability

CVE ID : CVE-2025-4445
Published : May 9, 2025, 12:15 a.m. | 2 hours, 36 minutes ago
Description : A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01. Affected is the function wake_on_lan. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4446 - H3C GR-5400AX Local Buffer Overflow Vulnerability

CVE ID : CVE-2025-4446
Published : May 9, 2025, 12:15 a.m. | 2 hours, 36 minutes ago
Description : A vulnerability has been found in H3C GR-5400AX up to 100R008 and classified as critical. This vulnerability affects the function Edit_List_SSID of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack needs to be approached within the local network.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4448 - D-Link DIR-619L Remote Buffer Overflow Vulnerability

CVE ID : CVE-2025-4448
Published : May 9, 2025, 1:15 a.m. | 1 hour, 35 minutes ago
Description : A vulnerability classified as critical was found in D-Link DIR-619L 2.04B04. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4449 - D-Link DIR-619L Remote Buffer Overflow Vulnerability

CVE ID : CVE-2025-4449
Published : May 9, 2025, 1:15 a.m. | 1 hour, 35 minutes ago
Description : A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.04B04. This issue affects the function formEasySetupWizard3. The manipulation of the argument wan_connected leads to buffer overflow. The attack may be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...