CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint. |
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows Remote Code Inclusion. This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, from 6.2022.1 before 6.2025.2. |
Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI. |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28. |
Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network. |
Time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally. |
Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. |
Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network. |
Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack. |
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. |
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. |
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. |
Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. |
Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network. |
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network. |
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally. |
Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally. |
Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally. |
Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network. |
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. |