Security Vulnerabilities
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-24
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-24
Dell Storage Center - Dell Storage Manager, version(s) DSM 20.1.21, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
CVSS Score
8.6
EPSS Score
0.001
Published
2025-10-24
Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These userid are special users created in compellentservicesapi for special purposes.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-10-24
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-24
IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-10-24
Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-10-23
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may submit a crafted job request that grants read access to files on the filesystem with the permissions of the GXP Job Service process. The path to a file is not sanitized for directory traversal, potentially allowing an attacker to read sensitive files in some configurations.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-10-23
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the Job Service is configured for local-only access, this may allow for privilege escalation in certain situations. If the Job Service is network accessible, this may allow remote command execution.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-10-23
An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job Status Service may return sensitive information in certain situations, including local file paths and SOCET GXP version information.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-23