CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26513
https://notcve.org/view.php?id=CVE-2025-26513
07 Aug 2025 — The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges. El instalador de SAN Host Utilities para versiones de Windows anteriores a la 8.0 es susceptible a una vulnerabilidad que, si se explota con éxito, podría permitir a un usuario local aumentar sus privilegios. • https://security.netapp.com/advisory/NTAP-20250806-0001 • CWE-269: Improper Privilege Management •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26512 – CVE-2025-26512 Privilege Escalation Vulnerability in SnapCenter
https://notcve.org/view.php?id=CVE-2025-26512
24 Mar 2025 — SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed. • https://security.netapp.com/advisory/NTAP-20250324-0001 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.1EPSS: 52%CPEs: 31EXPL: 2CVE-2025-26465 – Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
https://notcve.org/view.php?id=CVE-2025-26465
18 Feb 2025 — A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. ssh(1) contains a logic error that allows an on-path attacker ... • https://github.com/rxerium/CVE-2025-26465 • CWE-390: Detection of Error Condition Without Action •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-1215 – vim main.c memory corruption
https://notcve.org/view.php?id=CVE-2025-1215
12 Feb 2025 — A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. • https://github.com/vim/vim/commit/c5654b84480822817bb7b69ebc97c174c91185e9 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 27EXPL: 0CVE-2024-52533 – glib: buffer overflow in set_connect_msg()
https://notcve.org/view.php?id=CVE-2024-52533
11 Nov 2024 — gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior. This update for glib2 fixes the following issues. • https://gitlab.gnome.org/GNOME/glib/-/issues/3461 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-193: Off-by-one Error •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21994 – CVE-2024-21994 Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale)
https://notcve.org/view.php?id=CVE-2024-21994
08 Nov 2024 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to a service crash. • https://security.netapp.com/advisory/ntap-20241108-0001 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 1CVE-2024-8372 – AngularJS improper sanitization in 'srcset' attribute
https://notcve.org/view.php?id=CVE-2024-8372
09 Sep 2024 — Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status . Improper sanitizat... • https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017 • CWE-1289: Improper Validation of Unsafe Equivalence in Input •
CVSS: 7.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-38808 – CVE-2024-38808: Spring Expression DoS Vulnerability
https://notcve.org/view.php?id=CVE-2024-38808
20 Aug 2024 — In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions. A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language (SePL) may trigger uncontrolled CPU usage, leading t... • https://spring.io/security/cve-2024-38808 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.4EPSS: 0%CPEs: 45EXPL: 0CVE-2024-21145 – OpenJDK: Out-of-bounds access in 2D image handling (8324559)
https://notcve.org/view.php?id=CVE-2024-21145
16 Jul 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for ... • https://security.netapp.com/advisory/ntap-20240719-0008 • CWE-284: Improper Access Control CWE-787: Out-of-bounds Write •
CVSS: 3.7EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21144 – OpenJDK: Pack200 increase loading time due to improper header validation (8322106)
https://notcve.org/view.php?id=CVE-2024-21144
16 Jul 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized abili... • https://security.netapp.com/advisory/ntap-20240719-0007 • CWE-400: Uncontrolled Resource Consumption •