CVE-2023-38950 | Severity: HIGH 7.5
Published: 2023-08-03T23:15:11.117 | Last modified: 2025-05-20T01:00:02.310
Availability: NONE | Integrity: NONE | Confidentiality: HIGH
Vendor: n/a | Product: n/a | Version: n/a | Problem type: n/a
Description: A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.
Exploitability score: 3.9 | Impact score: 3.6 | Attack vector: NETWORK | Attack complexity: LOW | Privileges required: NONE | User interaction: NONE | Scope: UNCHANGED
References:
http://zkteco.com
https://claroty.com/team82/disclosure-dashboard/cve-2023-38950
https://sploitus.com/exploit?id=PACKETSTORM:177859
https://www.fortinet.com/content/dam/fortinet/assets/reports/report-incident-response-middle-east.pdf
CVE-2024-27443 | Severity: MEDIUM 6.1
Published: 2024-08-12T15:15:20.283 | Last modified: 2025-05-20T01:00:02.310
Availability: NONE | Integrity: LOW | Confidentiality: LOW
Vendor: n/a | Product: n/a | Version: n/a | Problem type: n/a
Description: An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this via an email message containing a crafted calendar header with an embedded XSS payload. When a victim views this message in the Zimbra webmail classic interface, the payload is executed in the context of the victim's session, potentially leading to execution of arbitrary JavaScript code.
Exploitability score: 2.8 | Impact score: 2.7 | Attack vector: NETWORK | Attack complexity: LOW | Privileges required: NONE | User interaction: REQUIRED | Scope: CHANGED
References:
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes
https://www.welivesecurity.com/en/eset-research/operation-roundpress/
CVE-2024-11182 | Severity: MEDIUM 6.1
Published: 2024-11-15T11:15:10.410 | Last modified: 2025-05-20T01:00:02.310
Availability: NONE | Integrity: LOW | Confidentiality: LOW
Vendor: MDaemon | Product: Email Server | Version: 0 | Problem type: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Description: An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window.
Exploitability score: 2.8 | Impact score: 2.7 | Attack vector: NETWORK | Attack complexity: LOW | Privileges required: NONE | User interaction: REQUIRED | Scope: CHANGED
References:
https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html
CVE-2025-27920 | Severity: HIGH 7.2
Published: 2025-05-05T16:15:50.857 | Last modified: 2025-05-20T01:00:02.310
Availability: NONE | Integrity: LOW | Confidentiality: LOW
Vendor: Srimax | Product: Output Messenger | Version: 0 | Problem type: CWE-24 Path Traversal: '../filedir'
Description: Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.
Exploitability score: 3.9 | Impact score: 2.7 | Attack vector: NETWORK | Attack complexity: LOW | Privileges required: NONE | User interaction: NONE | Scope: CHANGED
References:
https://www.outputmessenger.com/cve-2025-27920/
https://www.srimax.com/products-2/output-messenger/
https://www.microsoft.com/en-us/security/blog/2025/05/12/marbled-dust-leverages-zero-day-in-output-messenger-for-regional-espionage/
CVE-2025-4427 | Severity: MEDIUM 5.3
Published: 2025-05-13T16:15:32.330 | Last modified: 2025-05-20T01:00:02.310
Availability: NONE | Integrity: NONE | Confidentiality: LOW
Vendor: Ivanti | Product: Endpoint Manager Mobile | Version: 12.5.0.1 | Problem type: CWE-288: Authentication Bypass Using an Alternate Path or Channel
Description: An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
Exploitability score: 3.9 | Impact score: 1.4 | Attack vector: NETWORK | Attack complexity: LOW | Privileges required: NONE | User interaction: NONE | Scope: UNCHANGED
References:
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM
CVE-2025-4428 | Severity: HIGH 7.2
Published: 2025-05-13T16:15:32.463 | Last modified: 2025-05-20T01:00:02.310
Availability: HIGH | Integrity: HIGH | Confidentiality: HIGH
Vendor: Ivanti | Product: Endpoint Manager Mobile | Version: 12.5.0.1 | Problem type: CWE-94: Improper Control of Generation of Code ('Code Injection')
Description: Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
Exploitability score: 1.2 | Impact score: 5.9 | Attack vector: NETWORK | Attack complexity: LOW | Privileges required: HIGH | User interaction: NONE | Scope: UNCHANGED
References:
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM
CVE-2025-3078 | Severity: HIGH 8.7
Published: 2025-05-20T00:15:24.520 | Last modified: 2025-05-20T00:15:24.520
Availability: NONE | Integrity: HIGH | Confidentiality: HIGH
Vendor: Canon Inc. | Product: imageRUNNER ADVANCE Series | Version: all versions | Problem type: CWE-522: Insufficiently Protected Credentials
Description: A passback vulnerability which relates to production printers and office multifunction printers.
Exploitability score: 2.3 | Impact score: 5.8 | Attack vector: NETWORK | Attack complexity: LOW | Privileges required: HIGH | User interaction: NONE | Scope: CHANGED
References:
https://canon.jp/support/support-info/250519vulnerability-response
https://corporate.jp.canon/caution/160106
https://psirt.canon/advisory-information/cp2025-004/
https://psirt.canon/hardening/
https://www.canon-europe.com/support/product-security
https://www.usa.canon.com/about-us/to-our-customers/cp2025-004-vulnerability-mitigation-remediation-for-production-printers-office-small-office-multifunction-printers-laser-printers
CVE-2025-3079 | Severity: HIGH 8.7
Published: 2025-05-20T00:15:25.120 | Last modified: 2025-05-20T00:15:25.120
Availability: NONE | Integrity: HIGH | Confidentiality: HIGH
Vendor: Canon Inc. | Product: imageRUNNER Series | Version: all versions | Problem type: CWE-522: Insufficiently Protected Credentials
Description: A passback vulnerability which relates to office/small office multifunction printers and laser printers.
Exploitability score: 2.3 | Impact score: 5.8 | Attack vector: NETWORK | Attack complexity: LOW | Privileges required: HIGH | User interaction: NONE | Scope: CHANGED
References:
https://canon.jp/support/support-info/250519vulnerability-response
https://corporate.jp.canon/caution/160106
https://psirt.canon/advisory-information/cp2025-004/
https://psirt.canon/hardening/
https://www.canon-europe.com/support/product-security/
https://www.usa.canon.com/about-us/to-our-customers/cp2025-004-vulnerability-mitigation-remediation-for-production-printers-office-small-office-multifunction-printers-laser-printers
CVE-2025-4971 | Severity: not scored in this entry
Published: 2025-05-20T00:15:25.253 | Last modified: 2025-05-20T00:15:25.253
Availability / Integrity / Confidentiality: not listed in this entry
Vendor: Broadcom | Product: Automic Automation | Version: < 24.3.0 HF4, and < 21.0.13 HF1 | Problem type: CWE-426 Untrusted Search Path
Description: Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution rights on the agent executable to escalate their privileges.
CVSS metrics (exploitability score, impact score, attack vector, attack complexity, privileges required, user interaction, scope): not listed in this entry
References:
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25732
https://www.secuvera.de/advisories/secuvera-SA-2025-01.txt