| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability. This vulnerability allows physically present attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of symbolic links on removable USB media. By creating a symbolic link, an attacker can abuse the router's web server to access arbitrary local files. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-19498. |
| Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser history). Attackers gaining access to these logs may hijack active user sessions, leading to unauthorized access to sensitive information or actions on behalf of the user. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. |
| GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. |
| Windows Desired State Configuration (DSC) Information Disclosure Vulnerability |
| Azure SDK for .NET Information Disclosure Vulnerability |
| In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Cleanup Manager Elevation of Privilege Vulnerability |
| Windows User Profile Service Elevation of Privilege Vulnerability |
| Windows Kernel Elevation of Privilege Vulnerability |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| Windows Telephony Server Elevation of Privilege Vulnerability |
| Local Security Authority Subsystem Service Elevation of Privilege Vulnerability |
| Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability |
| Windows System Assessment Tool Elevation of Privilege Vulnerability |
| Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability |
| Windows DNS Server Remote Code Execution Vulnerability |
| Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability |
