A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests...
OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable...
Volcano is a Kubernetes-native batch scheduling system. Prior to versions 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3, and 1.12.0-alpha.2, attacker compromise of either the Elastic service or the extender plugin can cause denial of service of the...
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 (Helm chart
XWiki is a generic wiki platform. In versions starting from 1.8.1 to before 14.10.22, from 15.0-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.7.0, anyone can access the...
XWiki is a generic wiki platform. In versions starting from 15.3-rc-1 to before 15.10.14, from 16.0.0-rc-1 to before 16.4.6, and from 16.5.0-rc-1 to before 16.10.0-rc-1, a user who can access pages located in the...
XWiki Contrib’s Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions starting from 8.2 to before 8.9, the Markdown syntax is vulnerable to cross-site scripting (XSS)...
Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network. Assigner : secure@microsoft.com More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21416
An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service. Assigner...
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. Assigner : secure@microsoft.com More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30389
Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. Assigner : secure@microsoft.com More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30390
Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network. Assigner : secure@microsoft.com More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30391
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. Assigner : secure@microsoft.com More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30392
Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network. Assigner : secure@microsoft.com More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33074