CVE-2024-5532 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent.  The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the ... read CVE-2024-5532
Published: October 28, 2024; 3:15:15 PM -0400

V3.1: 4.8 MEDIUM

CVE-2024-20906 - Vulnerability in the Integrated Lights Out Manager (ILOM) product of Oracle Systems (component: System Management). Supported versions that are affected are 3, 4 and 5. Easily exploitable vulnerability allows high privileged attacker with networ... read CVE-2024-20906
Published: January 16, 2024; 5:15:38 PM -0500

V3.1: 4.8 MEDIUM

CVE-2024-28804 - An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Stored Cross-site scripting (XSS) can occur via POST.
Published: July 29, 2024; 3:15:11 PM -0400

CVE-2024-28806 - An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path.
Published: July 29, 2024; 3:15:12 PM -0400

CVE-2024-34399 - **UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulnerability only affects products that are no longe... read CVE-2024-34399
Published: September 18, 2024; 2:15:06 PM -0400

CVE-2024-34398 - An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers.
Published: March 12, 2025; 1:15:41 PM -0400

CVE-2024-0799 - An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.
Published: March 13, 2024; 3:15:46 PM -0400

CVE-2024-28805 - An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control.
Published: July 29, 2024; 3:15:11 PM -0400

CVE-2025-23366 - A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authent... read CVE-2025-23366
Published: January 14, 2025; 1:16:06 PM -0500

V3.1: 4.8 MEDIUM

CVE-2024-28803 - Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter
Published: March 13, 2025; 10:15:24 AM -0400

CVE-2024-52949 - iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack.
Published: December 16, 2024; 5:15:06 PM -0500

CVE-2024-0800 - A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet.
Published: March 13, 2024; 3:15:46 PM -0400

CVE-2024-0801 - A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll.
Published: March 13, 2024; 3:15:46 PM -0400

CVE-2024-25651 - User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint.
Published: March 13, 2024; 11:15:08 PM -0400

CVE-2025-1534 - CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, fro... read CVE-2025-1534
Published: April 01, 2025; 12:15:44 AM -0400

V3.1: 5.4 MEDIUM

CVE-2024-25653 - Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI.
Published: March 13, 2024; 11:15:09 PM -0400

CVE-2025-24949 - In JotUrl 2.0, is possible to bypass security requirements during the password change process.
Published: April 15, 2025; 12:16:05 PM -0400

CVE-2024-29026 - Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can b... read CVE-2024-29026
Published: March 20, 2024; 6:15:08 PM -0400

V3.1: 9.1 CRITICAL

CVE-2025-5459 - A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been reso... read CVE-2025-5459
Published: June 26, 2025; 3:15:27 AM -0400

V3.1: 8.8 HIGH

CVE-2025-23368 - A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.
Published: March 04, 2025; 11:15:39 AM -0500

V3.1: 9.8 CRITICAL