CVE tracker
Site: SecurityGate.org
CVE-2025-8850 - Insecure API Design in danny-avila/librechat

CVE ID : CVE-2025-8850
Published : Oct. 30, 2025, 8:15 p.m. | 58 minutes ago
Description : In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend does not properly validate the OTP or backup code when the API endpoint '/api/auth/2fa/disable' is directly accessed. This flaw can be exploited by authenticated users to weaken the security of their own accounts, although it does not lead to full account compromise.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34249 - Nagios Fusion < 2024R2.1 2FA Brute Force Bypass

CVE ID : CVE-2025-34249
Published : Oct. 30, 2025, 10:15 p.m. | 3 hours, 1 minute ago
Description : Nagios Fusion versions prior to 2024R2.1 contain a brute-force bypass in the Two-Factor Authentication (2FA) implementation. The application did not properly enforce rate limiting or account lockout for repeated failed 2FA verification attempts, allowing a remote attacker to repeatedly try second-factor codes for a targeted account. By abusing the lack of enforcement, an attacker could eventually successfully authenticate to accounts protected by 2FA.
Severity: 9.3 | CRITICAL
CVE-2025-34269 - Nagios Fusion < R2.1 2FA Lack of Re-Authentication or Session Rotation

CVE ID : CVE-2025-34269
Published : Oct. 30, 2025, 10:15 p.m. | 3 hours, 1 minute ago
Description : Nagios Fusion versions prior to R2.1 contain a vulnerability due to the application not requiring re-authentication or session rotation when a user has enabled two-factor authentication (2FA). As a result, an adversary who has obtained a valid session could continue using the active session after the target user enabled 2FA, potentially preventing the legitimate user from locking the attacker out and enabling persistent account takeover.
Severity: 8.6 | HIGH
CVE-2025-34270 - Nagios Log Server < 2024R2.0.2 AD/LDAP Import Password Not Obfuscated

CVE ID : CVE-2025-34270
Published : Oct. 30, 2025, 10:15 p.m. | 3 hours, 1 minute ago
Description : Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality because it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other diagnostic output. This can leak sensitive credentials to administrators or anyone with access to import results.
Severity: 6.9 | MEDIUM
CVE-2025-34271 - Nagios Log Server < 2024R2.0.2 Cluster Manager Credential Requests Sent Over Plaintext

CVE ID : CVE-2025-34271
Published : Oct. 30, 2025, 10:15 p.m. | 3 hours, 1 minute ago
Description : Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component, which requests sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network path can intercept credentials in transit. Captured credentials could allow the attacker to authenticate as a cluster node or service account, enabling further unauthorized access, lateral movement, or system compromise.
Severity: 8.7 | HIGH
CVE-2025-34272 - Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashboard Fallback

CVE ID : CVE-2025-34272
Published : Oct. 30, 2025, 10:15 p.m. | 3 hours, 1 minute ago
Description : In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view. Depending on the product's dashboard sharing and access policies, this behavior may cause information exposure or unexpected privilege exposure.
Severity: 5.3 | MEDIUM
CVE-2025-34273 - Nagios Log Server < 2024R2.0.3 Non-Admin Dashboard Deletion

CVE ID : CVE-2025-34273
Published : Oct. 30, 2025, 10:15 p.m. | 3 hours, 1 minute ago
Description : Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged users to remove dashboards that affect other users or the overall monitoring UI.
Severity: 7.1 | HIGH
CVE-2025-34274 - Nagios Log Server < 2024R2.0.3 Logstash Process Root Privileges

CVE ID : CVE-2025-34274
Published : Oct. 30, 2025, 10:15 p.m. | 3 hours, 1 minute ago
Description : Nagios Log Server versions prior to 2024R2.0.3 contain an execution-with-unnecessary-privileges vulnerability because the product runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration injection, or a vulnerability in input parsing - the attacker could execute code with root privileges, resulting in full system compromise. The Logstash service has been altered to run as the lower-privileged 'nagios' user to reduce the risk associated with a network-facing service that can accept untrusted input or load third-party components.
Severity: 9.3 | CRITICAL
CVE-2025-34277 - Nagios Log Server < 2024R1.3.1 RCE via Malformed Dashboard ID

CVE ID : CVE-2025-34277
Published : Oct. 30, 2025, 10:15 p.m. | 3 hours, 1 minute ago
Description : Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlled data, leading to arbitrary code execution in the context of the Log Server process.
Severity: 9.4 | CRITICAL
CVE-2025-34278 - Nagios Network Analyzer < 2024R1 Source Groups / Percentile Calculator Menu Stored XSS

CVE ID : CVE-2025-34278
Published : Oct. 30, 2025, 10:15 p.m. | 3 hours, 1 minute ago
Description : Nagios Network Analyzer versions prior to 2024R1 contain a stored cross-site scripting (XSS) vulnerability in the Source Groups page (percentile calculator menu). An attacker can supply a malicious payload which is stored by the application and later rendered in the context of other users. When a victim views the affected page the injected script executes in the victim's browser context.
Severity: 5.1 | MEDIUM
CVE-2025-34280 - Nagios Network Analyzer < 2024R2.0.1 RCE in LDAP Certificate Removal Function

CVE ID : CVE-2025-34280
Published : Oct. 30, 2025, 10:15 p.m. | 3 hours, 1 minute ago
Description : Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitization. An authenticated administrator can trigger command execution on the underlying host in the context of the web application service, resulting in remote code execution with the service's privileges.
Severity: 8.6 | HIGH
CVE-2025-34283 - Nagios XI < 2024R1.4.2 API Key Disclosure via Neptune Themes

CVE ID : CVE-2025-34283
Published : Oct. 30, 2025, 10:15 p.m. | 3 hours, 1 minute ago
Description : Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value.
Severity: 7.1 | HIGH
CVE-2025-34284 - Nagios XI < 2024R2 Authenticated Command Injection via WinRM Plugin

CVE ID : CVE-2025-34284
Published : Oct. 30, 2025, 10:15 p.m. | 3 hours, 1 minute ago
Description : Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitation enables arbitrary command execution with the privileges of the Nagios XI web application user and can be leveraged to modify configuration, exfiltrate data, disrupt monitoring operations, or execute commands on the underlying host operating system.
Severity: 9.4 | CRITICAL
CVE-2025-34286 - Nagios XI < 2026R1 RCE via Run Check Command in CCM

CVE ID : CVE-2025-34286
Published : Oct. 30, 2025, 10:15 p.m. | 3 hours, 1 minute ago
Description : Nagios XI versions prior to 2026R1 contain a remote code execution vulnerability in the Core Config Manager (CCM) Run Check command. Insufficient validation/escaping of parameters used to build backend command lines allows an authenticated administrator to inject shell metacharacters that are executed on the server. Successful exploitation results in arbitrary command execution with the privileges of the Nagios XI web application user and can be leveraged to gain control of the underlying host operating system.
Severity: 9.4 | CRITICAL
CVE-2025-34287 - Nagios XI < 2024R2 Privilege Escalation via process_perfdata.pl

CVE ID : CVE-2025-34287
Published : Oct. 30, 2025, 10:15 p.m. | 3 hours, 1 minute ago
Description : Nagios XI versions prior to 2024R2 contain an improperly owned script, process_perfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary code execution as the nagios user when the script is next run. This improper ownership and permission configuration enables local privilege escalation.
Severity: 8.4 | HIGH
CVE-2025-34298 - Nagios Log Server < 2024R1.3.2 Set Email Privilege Escalation

CVE ID : CVE-2025-34298
Published : Oct. 30, 2025, 10:15 p.m. | 3 hours, 1 minute ago
Description : Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls.
Severity: 8.7 | HIGH
CVE-2025-27208 - Revive Adserver Reflected Cross-Site Scripting (XSS)

CVE ID : CVE-2025-27208
Published : Oct. 31, 2025, 12:15 a.m. | 1 hour, 1 minute ago
Description : A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code in the context of the victim's browser. The session cookie cannot be accessed, but a number of other operations could be performed. The vulnerability is present in the admin-search.php file and can be exploited via the compact parameter.
Severity: 6.3 | MEDIUM
CVE-2025-48980 - Brave Browser SameSite Cookie Insecure Navigation

CVE ID : CVE-2025-48980
Published : Oct. 31, 2025, 12:15 a.m. | 1 hour, 1 minute ago
Description : In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method.
Severity: 6.5 | MEDIUM
CVE-2025-48982 - Veeam Agent for Microsoft Windows Local Privilege Escalation

CVE ID : CVE-2025-48982
Published : Oct. 31, 2025, 12:15 a.m. | 1 hour, 1 minute ago
Description : This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.
Severity: 7.3 | HIGH
CVE-2025-48983 - Veeam Backup & Replication Mount Service Authenticated RCE Vulnerability

CVE ID : CVE-2025-48983
Published : Oct. 31, 2025, 12:15 a.m. | 1 hour, 1 minute ago
Description : A vulnerability in the Mount service of Veeam Backup & Replication allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.
Severity: 9.9 | CRITICAL
CVE-2025-48984 - VMware vSphere Backup Server Remote Code Execution Vulnerability

CVE ID : CVE-2025-48984
Published : Oct. 31, 2025, 12:15 a.m. | 1 hour, 1 minute ago
Description : This vulnerability allows remote code execution (RCE) on the Backup Server by an authenticated domain user.
Severity: 0.0 | NA