Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46655 | 2025-04-29 | N/A | 4.9 MEDIUM | ||
| CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted JavaScript content, but the selected architecture within AWS does not have components that are able to insert Content-Security-Policy headers. | |||||
| CVE-2025-46654 | 2025-04-29 | N/A | 4.9 MEDIUM | ||
| CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file. | |||||
| CVE-2024-58136 | 1 Yiiframework | 1 Yii | 2025-04-28 | N/A | 9.0 CRITICAL |
| Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025. | |||||
| CVE-2022-1742 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2025-04-17 | 7.2 HIGH | 6.8 MEDIUM |
| The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code. | |||||
| CVE-2025-0113 | 2025-04-09 | N/A | N/A | ||
| A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server. | |||||
| CVE-2024-3460 | 1 Kioware | 1 Kioware | 2025-02-12 | N/A | 7.4 HIGH |
| In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may launch any other programs. In order to exploit this vulnerability external applications must be left running when the KioWare software is launched. Additionally, an attacker must know the PIN set for this Kioware instance and also slow down the application with some specific task which extends the usable time window. | |||||
| CVE-2024-3459 | 1 Kioware | 1 Kioware | 2025-02-12 | N/A | 8.4 HIGH |
| KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges. | |||||
| CVE-2024-8311 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template. | |||||
| CVE-2024-8781 | 2024-11-18 | N/A | N/A | ||
| Execution with Unnecessary Privileges, : Improper Protection of Alternate Path vulnerability in TR7 Application Security Platform (ASP) allows Privilege Escalation, -Privilege Abuse.This issue affects Application Security Platform (ASP): v1.4.25.188. | |||||
| CVE-2023-52952 | 2024-10-10 | N/A | 8.5 HIGH | ||
| A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro (J31032-K2017-H260) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro+ (J31032-K2017-H436) (All versions >= V11.5.1 < V11.6.2). The Kiosk Mode of the affected devices contains a restricted desktop environment escape vulnerability. This could allow an unauthenticated local attacker to escape the restricted environment and gain access to the underlying operating system. | |||||