CVE-2025-22454 |
Description: Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
CVSS: HIGH (7.8) EPSS Score: 0.02% SSVC Exploitation: none
March 11th, 2025 (4 months ago)
|
CVE-2024-55590 |
Description: Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via specifically crafted CLI commands.
CVSS: HIGH (8.6) EPSS Score: 0.21%
March 11th, 2025 (4 months ago)
|
CVE-2024-54084 |
Description: APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.
CVSS: HIGH (7.5) EPSS Score: 0.02% SSVC Exploitation: none
March 11th, 2025 (4 months ago)
|
CVE-2024-52961 |
Description: An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.7, 4.2.0 through 4.2.7 and before 4.0.5 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.
CVSS: HIGH (8.6) EPSS Score: 0.06%
March 11th, 2025 (4 months ago)
|
CVE-2024-45328 |
Description: An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu.
CVSS: HIGH (7.1) EPSS Score: 0.01%
March 11th, 2025 (4 months ago)
|
CVE-2024-45324 |
Description: A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.
CVSS: HIGH (7.0) EPSS Score: 0.15%
March 11th, 2025 (4 months ago)
|
CVE-2025-27363 |
🚨 Marked as known exploited on April 17th, 2025 (3 months ago).
Description: An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
CVSS: HIGH (8.1) EPSS Score: 5.37% SSVC Exploitation: none
March 11th, 2025 (4 months ago)
|
CVE-2025-22369 |
Description: The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 11th, 2025 (4 months ago)
|
CVE-2025-22368 |
Description: The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.
CVSS: HIGH (8.7) EPSS Score: 0.08%
March 11th, 2025 (4 months ago)
|
CVE-2025-22367 |
Description: The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.
CVSS: HIGH (8.7) EPSS Score: 0.08%
March 11th, 2025 (4 months ago)
|