|
401
|
6.3 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hard…
New
|
CWE-1241
Use of Predictable Algorithm in Random Number Generator
|
CVE-2026-6420
|
2026-05-6 20:16 |
2026-05-6 |
|
|
|
|
|
402
|
3.1 |
LOW
Network
|
-
|
-
|
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit b…
New
|
CWE-80
Basic XSS
|
CVE-2025-59854
|
2026-05-6 20:16 |
2026-05-6 |
|
|
|
|
|
403
|
3.1 |
LOW
Network
|
-
|
-
|
HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the appl…
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2025-59853
|
2026-05-6 20:16 |
2026-05-6 |
|
|
|
|
|
404
|
3.7 |
LOW
Network
|
-
|
-
|
HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise t…
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2025-59852
|
2026-05-6 20:16 |
2026-05-6 |
|
|
|
|
|
405
|
3.7 |
LOW
Network
|
-
|
-
|
HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and …
New
|
-
|
CVE-2025-59851
|
2026-05-6 20:16 |
2026-05-6 |
|
|
|
|
|
406
|
5.3 |
MEDIUM
Network
|
-
|
-
|
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could al…
New
|
CWE-358
Improperly Implemented Security Check for Standard
|
CVE-2025-31970
|
2026-05-6 20:16 |
2026-05-6 |
|
|
|
|
|
407
|
5.2 |
MEDIUM
Local
|
-
|
-
|
There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traver…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-40001
|
2026-05-6 19:16 |
2026-05-6 |
|
|
|
|
|
408
|
8.8 |
HIGH
Network
|
-
|
-
|
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server b…
New
|
CWE-94
Code Injection
|
CVE-2026-7841
|
2026-05-6 17:16 |
2026-05-6 |
|
|
|
|
|
409
|
- |
|
-
|
-
|
The Item history widget (in Zabbix 7.0+) or the Plain text widget (in Zabbix 6.0) can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized acti…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-23928
|
2026-05-6 17:16 |
2026-05-6 |
|
|
|
|
|
410
|
- |
|
-
|
-
|
A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle datab…
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-23927
|
2026-05-6 17:16 |
2026-05-6 |
|
|
|
|