Monthly
HCL Aftermarket DPC version 1.0.0 contains outdated or vulnerable dependencies (CWE-1104) that expose the application to known public exploits, enabling authenticated attackers with low privileges to obtain limited information disclosure. The vulnerability requires user interaction and carries a low CVSS score of 2.6, but represents a supply chain risk where publicly available exploits targeting the embedded libraries could be weaponized against deployments. No public exploit code has been independently confirmed, and CISA has not flagged this for active exploitation.
Use of unmaintained third party components for some Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
A security vulnerability in HCL MyXalytics (CVSS 3.5). Remediation should follow standard vulnerability management procedures.
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A security vulnerability in Linux distribution underlying the Radiflow (CVSS 8.7). High severity vulnerability requiring prompt remediation.
HCL Aftermarket DPC version 1.0.0 contains outdated or vulnerable dependencies (CWE-1104) that expose the application to known public exploits, enabling authenticated attackers with low privileges to obtain limited information disclosure. The vulnerability requires user interaction and carries a low CVSS score of 2.6, but represents a supply chain risk where publicly available exploits targeting the embedded libraries could be weaponized against deployments. No public exploit code has been independently confirmed, and CISA has not flagged this for active exploitation.
Use of unmaintained third party components for some Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
A security vulnerability in HCL MyXalytics (CVSS 3.5). Remediation should follow standard vulnerability management procedures.
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A security vulnerability in Linux distribution underlying the Radiflow (CVSS 8.7). High severity vulnerability requiring prompt remediation.