2025-08-14 Daily Vulns
NEW:
CVE | vendor-product | description | metric | Referenceurl | | title | GithubURL |
---|---|---|---|---|---|---|---|
CVE-2024-26009 | Fortinet - FortiPAM, Fortinet - FortiSwitchManager, Fortinet - FortiProxy, Fortinet - FortiOS | An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8 and before 7.0.15 & FortiPAM before version 1.2.0 allows an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager’s serial number. | CVSS3.1: 7.9 - HIGH | 0 | Exploitation: none; Automatable: no; Technical Impact: total | undefined | github |
CVE-2024-10219 | GitLab - GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints. | CVSS3.1: 6.5 - MEDIUM | 0 1 | Exploitation: none; Automatable: no; Technical Impact: partial | Incorrect Authorization in GitLab | github |
CVE-2025-23295 | NVIDIA - NVIDIA Apex | NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | CVSS3.1: 7.8 - HIGH | 0 1 2 | Exploitation: none; Automatable: no; Technical Impact: total | undefined | github |
CVE-2025-23294 | NVIDIA - NVIDIA WebDataset | NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. | CVSS3.1: 7.8 - HIGH | 0 1 2 | Exploitation: none; Automatable: no; Technical Impact: total | undefined | github |
This post is licensed under CC BY 4.0 by the author.