CWE-274

Improper Handling of Insufficient Privileges

4 CVEs, average CVSS 7.2 (source: MITRE)
Severity breakdown: 1 Critical, 1 High, 2 Medium, 0 Low
Public PoC available: 0; listed in KEV: 0


CVE-2026-33005 MEDIUM PATCH This Month

Apache OpenMeetings versions 3.10 through 8.x allow authenticated users to enumerate file and folder metadata across the system through improper access control in web service APIs, exposing file names, IDs, types, and other metadata fields without authorization to access those resources. This affects all Apache OpenMeetings installations from 3.10 before 9.0.0, where any registered user can query arbitrary folder IDs to retrieve metadata listings. The vulnerability requires valid user credentials (low-privilege authenticated access) and poses a moderate information disclosure risk with an EPSS exploitation probability of 0.01% (3rd percentile), indicating minimal real-world exploitation likelihood despite the low attack complexity.

Tags: Apache, Information Disclosure, Apache Openmeetings
Source: NVD | CVSS 3.1: 4.3 | EPSS: 0.0%
CVE-2025-20177 MEDIUM This Month

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an. Rated medium severity (CVSS 6.7), this vulnerability has low attack complexity. No vendor patch available.

Tags: Apple, Authentication Bypass, Cisco Ios Xr
Source: NVD | CVSS 3.1: 6.7 | EPSS: 0.0%
CVE-2025-20156 CRITICAL This Week

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Tags: Cisco, Information Disclosure, Meeting Management
Source: NVD | CVSS 3.1: 9.9 | EPSS: 3.1%
CVE-2024-21648 HIGH PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable with low attack complexity.

Tags: Information Disclosure, Xwiki
Sources: NVD, GitHub | CVSS 3.1: 8.0 | EPSS: 0.3%
