Medium
CVSS: 5.3
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename…
Medium
CVSS: 6.1
Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware.
The firmware signature verification is enforced only on the client-side dedicated…
Critical
CVSS: 9.1
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442 allows Insecure Firmware Image with Insufficient Verification of Data Authenticity V-2024-004.
High
CVSS: 8.5
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync…
High
CVSS: 7.3
Insufficient verification of data authenticity in some Intel(R) DSA software before version 23.4.39 may allow an authenticated user to potentially enable escalation of privilege via local access.
Medium
CVSS: 4.5
eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per design, PermissionsCA is not full chain v…
Medium
CVSS: 5.7
Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library,…
High
CVSS: 8.6
Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must c…
Low
CVSS: 2.3
An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connection initiated thru BIG-IP APM browser netw…
High
CVSS: 7.2
There is a vulnerability in the BMC firmware image authentication design
at Supermicro MBD-X12DPG-OA6
. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process
Medium
CVSS: 5.3
A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources.
High
CVSS: 8.7
stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name `eu.exel…