CVE-2024-41195 |
Description: An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVSS: CRITICAL (9.8) EPSS Score: 0.02%
May 22nd, 2025 (16 days ago)
|
CVE-2024-6914 |
Description: An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including accounts with elevated privileges.
This vulnerability is exploitable only through the account recovery SOAP admin services exposed via the "/services" context path in affected products. The impact may be reduced if access to these endpoints has been restricted based on the "Security Guidelines for Production Deployment" by disabling exposure to untrusted networks.
CVSS: CRITICAL (9.8) EPSS Score: 0.04% SSVC Exploitation: none
May 22nd, 2025 (16 days ago)
|
CVE-2024-23687 |
Description: Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.
CVSS: CRITICAL (9.1) EPSS Score: 0.31% SSVC Exploitation: none
May 22nd, 2025 (16 days ago)
|
CVE-2025-2410 |
Description: Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised.
This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
CVSS: CRITICAL (9.1) EPSS Score: 0.06%
May 22nd, 2025 (16 days ago)
|
CVE-2025-2409 |
Description: File corruption vulnerabilities in ASPECT provide attackers access to overwrite sys-tem files if session administrator credentials become compromised
This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
May 22nd, 2025 (16 days ago)
|
CVE-2024-48853 |
Description: An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
CVSS: CRITICAL (9.0) EPSS Score: 0.05%
May 22nd, 2025 (16 days ago)
|
CVE-2025-4632 |
Description: Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.
CVSS: CRITICAL (9.8) EPSS Score: 57.86%
May 22nd, 2025 (16 days ago)
|
CVE-2025-32814 |
Description: An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
May 22nd, 2025 (16 days ago)
|
CVE-2025-3484 |
Description: MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of DICOM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25853.
CVSS: CRITICAL (9.8) EPSS Score: 0.46% SSVC Exploitation: none
May 22nd, 2025 (16 days ago)
|
CVE-2025-3483 |
Description: MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of DICOM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25825.
CVSS: CRITICAL (9.8) EPSS Score: 0.46% SSVC Exploitation: none
May 22nd, 2025 (16 days ago)
|