Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. Assigner : secure@microsoft.com More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30392
Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network. Assigner : secure@microsoft.com More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30391
Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. Assigner : secure@microsoft.com More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30390
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. Assigner : secure@microsoft.com More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30389
An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service. Assigner...
Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network. Assigner : secure@microsoft.com More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21416
Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage This vulnerability...
Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from...
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selector(s) in their match statements are mistakenly not...
A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host leads to command injection. The attack...
XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn’t consider TextAreas with default content type. When editing a...
XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document...
XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki...
XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn’t take dropped programming rights...