CVE-2024-48903 |
Description: An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS: HIGH (7.8) EPSS Score: 0.03% SSVC Exploitation: none
March 13th, 2025 (4 months ago)
|
CVE-2024-36358 |
Description: A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS: HIGH (7.8) EPSS Score: 0.05% SSVC Exploitation: none
March 13th, 2025 (4 months ago)
|
CVE-2024-21059 |
Description: Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVSS: HIGH (7.8) EPSS Score: 0.07% SSVC Exploitation: none
March 13th, 2025 (4 months ago)
|
CVE-2024-10942 |
Description: The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replace_serialized_values' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must export and restore a backup in order to trigger the exploit.
CVSS: HIGH (7.5) EPSS Score: 0.13%
March 13th, 2025 (4 months ago)
|
CVE-2025-29998 |
Description: This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through the vulnerable API endpoint, which could lead to OTP bombing/flooding on the targeted system.
CVSS: HIGH (8.2) EPSS Score: 0.12%
March 13th, 2025 (4 months ago)
|
CVE-2025-29997 |
Description: This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating the API request URL to gain unauthorized access to other user accounts.
CVSS: HIGH (8.2) EPSS Score: 0.14%
March 13th, 2025 (4 months ago)
|
CVE-2025-29996 |
Description: This vulnerability exists in the CAP back office application due to improper implementation of the OTP verification mechanism in its API-based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating the API request URL/payload. Successful exploitation of this vulnerability could allow the attacker to bypass Two-Factor Authentication (2FA) for other user accounts.
CVSS: HIGH (8.2) EPSS Score: 0.11%
March 13th, 2025 (4 months ago)
|
CVE-2025-29995 |
Description: This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through the vulnerable API endpoint, which could lead to account takeover of targeted users.
CVSS: HIGH (8.3) EPSS Score: 0.12%
March 13th, 2025 (4 months ago)
|
CVE-2025-29994 |
Description: This vulnerability exists in the CAP back office application due to an improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through the API request URL/payload, leading to unauthorized access to other user accounts.
CVSS: HIGH (8.2) EPSS Score: 0.14%
March 13th, 2025 (4 months ago)
|
CVE-2025-25175 |
Description: A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25443)
CVSS: HIGH (7.8) EPSS Score: 0.02%
March 13th, 2025 (4 months ago)
|