cve | title | vendor | product | version | lessThanOrEqual | problem | description | published | lastModified | exploitabilityScore | impactScore | attackVector | attackComplexity | privilegesRequired | userInteraction | scope | confidentialityImpact | integrityImpact | availabilityImpact | baseScore | baseSeverity | criteria | references |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2023-38950 | | n/a | n/a | n/a | | n/a | A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. | 2023-08-03T23:15:11.117 | 2025-05-20T01:00:02.310 | 3.9 | 3.6 | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE | 7.5 | HIGH | | http://zkteco.com__https://claroty.com/team82/disclosure-dashboard/cve-2023-38950__http://zkteco.com__https://claroty.com/team82/disclosure-dashboard/cve-2023-38950__https://sploitus.com/exploit?id=PACKETSTORM:177859__https://www.fortinet.com/content/dam/fortinet/assets/reports/report-incident-response-middle-east.pdf__ |
CVE-2024-27443 | | n/a | n/a | n/a | | n/a | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this via an email message containing a crafted calendar header with an embedded XSS payload. When a victim views this message in the Zimbra webmail classic interface, the payload is executed in the context of the victim's session, potentially leading to execution of arbitrary JavaScript code. | 2024-08-12T15:15:20.283 | 2025-05-20T01:00:02.310 | 2.8 | 2.7 | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE | 6.1 | MEDIUM | | https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes__https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes__https://www.welivesecurity.com/en/eset-research/operation-roundpress/__ |
CVE-2024-11182 | Stored XSS vulnerability in MDaemon Email Server | MDaemon | Email Server | 0 | 24.5.0 | CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window. | 2024-11-15T11:15:10.410 | 2025-05-20T01:00:02.310 | 2.8 | 2.7 | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE | 6.1 | MEDIUM | | https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html__ |
CVE-2025-27920 | | Srimax | Output Messenger | 0 | | CWE-24 Path Traversal: '../filedir' | Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access. | 2025-05-05T16:15:50.857 | 2025-05-20T01:00:02.310 | 3.9 | 2.7 | NETWORK | LOW | NONE | NONE | CHANGED | LOW | LOW | NONE | 7.2 | HIGH | | https://www.outputmessenger.com/cve-2025-27920/__https://www.srimax.com/products-2/output-messenger/__https://www.microsoft.com/en-us/security/blog/2025/05/12/marbled-dust-leverages-zero-day-in-output-messenger-for-regional-espionage/__ |
CVE-2025-4427 | Authentication Bypass | Ivanti | Endpoint Manager Mobile | 12.5.0.1 | | CWE-288: Authentication Bypass Using an Alternate Path or Channel | An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. | 2025-05-13T16:15:32.330 | 2025-05-20T01:00:02.310 | 3.9 | 1.4 | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE | 5.3 | MEDIUM | | https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM__ |
CVE-2025-4428 | Remote Code Execution | Ivanti | Endpoint Manager Mobile | 12.5.0.1 | | CWE-94: Improper Control of Generation of Code ('Code Injection') | Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. | 2025-05-13T16:15:32.463 | 2025-05-20T01:00:02.310 | 1.2 | 5.9 | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH | 7.2 | HIGH | | https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM__ |
CVE-2025-3078 | | Canon Inc. | imageRUNNER ADVANCE Series | all version | | CWE-522: Insufficiently Protected Credentials | A passback vulnerability which relates to production printers and office multifunction printers. | 2025-05-20T00:15:24.520 | 2025-05-20T00:15:24.520 | 2.3 | 5.8 | NETWORK | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | NONE | 8.7 | HIGH | | https://canon.jp/support/support-info/250519vulnerability-response__https://corporate.jp.canon/caution/160106__https://psirt.canon/advisory-information/cp2025-004/__https://psirt.canon/hardening/__https://www.canon-europe.com/support/product-security__https://www.usa.canon.com/about-us/to-our-customers/cp2025-004-vulnerability-mitigation-remediation-for-production-printers-office-small-office-multifunction-printers-laser-printers__ |
CVE-2025-3079 | | Canon Inc. | imageRUNNER Series | all version | | CWE-522: Insufficiently Protected Credentials | A passback vulnerability which relates to office/small office multifunction printers and laser printers. | 2025-05-20T00:15:25.120 | 2025-05-20T00:15:25.120 | 2.3 | 5.8 | NETWORK | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | NONE | 8.7 | HIGH | | https://canon.jp/support/support-info/250519vulnerability-response__https://corporate.jp.canon/caution/160106__https://psirt.canon/advisory-information/cp2025-004/__https://psirt.canon/hardening/__https://www.canon-europe.com/support/product-security/__https://www.usa.canon.com/about-us/to-our-customers/cp2025-004-vulnerability-mitigation-remediation-for-production-printers-office-small-office-multifunction-printers-laser-printers__ |
CVE-2025-4971 | Broadcom Automic Automation Agent Unix privilege escalation | Broadcom | Automic Automation | < 24.3.0 HF4, and < 21.0.13 HF1 | | CWE-426 Untrusted Search Path | Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution rights on the agent executable to escalate their privileges. | 2025-05-20T00:15:25.253 | 2025-05-20T00:15:25.253 | | | | | | | | | | | | | | https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25732__https://www.secuvera.de/advisories/secuvera-SA-2025-01.txt__ |