Page(s) : 1 ... 32 33 34 35 36 37 38 39 40 41 [42] 43 44 45 46 47 48 49 50 51 52 ... | Result(s) : 324165 |
Alerts
SCORE | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
N/A | 2025-06-13 | CVE-2024-38823 | cve | Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport. |
N/A | 2025-06-13 | CVE-2024-38825 | cve | The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. Th... |
N/A | 2025-06-13 | CVE-2025-22236 | cve | Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0). |
N/A | 2025-06-13 | CVE-2025-22237 | cve | An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause an arbitrary command to be... |
N/A | 2025-06-13 | CVE-2025-22238 | cve | Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or ove... |
N/A | 2025-06-13 | CVE-2025-22239 | cve | Arbitrary event injection on Salt Master. The master's "_minion_event" method can be used by an authorized minion to send arbitrary events onto the master's event bus. |
N/A | 2025-06-13 | CVE-2025-22240 | cve | Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variab... |
N/A | 2025-06-13 | CVE-2025-22241 | cve | File contents overwrite. The VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionali... |
N/A | 2025-06-13 | CVE-2025-22242 | cve | Worker process denial of service through file read operation. A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized inp... |
6.4 | 2025-06-13 | CVE-2025-5923 | cve | The Game Review Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 4.8.1 due to insuffic... |
N/A | 2025-06-13 | CVE-2024-38824 | cve | Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory. |
N/A | 2025-06-13 | CVE-2025-39240 | cve | Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit ... |
5.5 | 2025-06-13 | CVE-2025-6012 | cve | The Auto Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.5 due to insufficient input s... |
N/A | 2025-06-13 | CVE-2025-36506 | cve | External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If an attacker sends a specially crafted request, arbitrary fil... |
N/A | 2025-06-13 | CVE-2025-46783 | cve | Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited, arbitrary code may be executed on the PC w... |
N/A | 2025-06-13 | CVE-2025-48825 | cve | RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contain an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attac... |
N/A | 2025-06-13 | CVE-2025-4228 | cve | An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex® XDR Broker VM allows an authenticated administrative user to execute certain files available within... |
N/A | 2025-06-13 | CVE-2025-4230 | cve | A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a roo... |
N/A | 2025-06-13 | CVE-2025-4231 | cve | A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network... |
N/A | 2025-06-13 | CVE-2025-4232 | cve | An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalat... |