CVE-2025-0555 |
Description: A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a user's browser under specific conditions.
CVSS: HIGH (7.7) EPSS Score: 0.07%
March 3rd, 2025 (4 months ago)
|
CVE-2025-0289 |
Description: Paragon Partition Manager version 17, both community and Business versions, contains an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allow an attacker to compromise the service.
EPSS Score: 0.05%
March 3rd, 2025 (4 months ago)
|
CVE-2025-0288 |
Description: Paragon Partition Manager version 7.9.1 contains an arbitrary kernel memory vulnerability facilitated by the memmove function, which does not validate or sanitize user-controlled input, allowing an attacker to write arbitrary kernel memory and perform privilege escalation.
EPSS Score: 0.05%
March 3rd, 2025 (4 months ago)
|
CVE-2025-0287 |
Description: Paragon Partition Manager version 7.9.1 contains a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.
EPSS Score: 0.02%
March 3rd, 2025 (4 months ago)
|
CVE-2025-0286 |
Description: Paragon Partition Manager version 7.9.1 contains an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user-supplied data, which can allow an attacker to execute arbitrary code on the victim machine.
EPSS Score: 0.08%
March 3rd, 2025 (4 months ago)
|
CVE-2025-0285 |
Description: Paragon Partition Manager version 7.9.1 contains an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user-supplied data, which can allow an attacker to perform privilege escalation exploits.
EPSS Score: 0.05%
March 3rd, 2025 (4 months ago)
|
CVE-2024-57240 |
Description: A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file.
EPSS Score: 0.03%
March 3rd, 2025 (4 months ago)
|
CVE-2024-55570 |
Description: /api/user/users in the web GUI for the Cubro EXA48200 network packet broker (build 20231025055018), fixed in V5.0R14.5P4-V3.3R1, allows remote authenticated users of the application to increase their privileges by sending a single HTTP PUT request with rolename=Administrator, aka incorrect access control.
EPSS Score: 0.03%
March 3rd, 2025 (4 months ago)
|
CVE-2024-55532 |
Description: Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0.
Users are recommended to upgrade to version 2.6.0, which fixes this issue.
EPSS Score: 0.07%
March 3rd, 2025 (4 months ago)
|
CVE-2024-53388 |
Description: A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element.
EPSS Score: 0.06%
March 3rd, 2025 (4 months ago)
|