A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information.

CVE Database V5

Detailed information about CVE-2025-11193: CWE-256: Plaintext Storage of a Password in Lenovo Tab M11 TB330FU TB330XU affecting Lenovo Tab M11 TB330FU TB330XU. 

CVE-2025-11193: CWE-256: Plaintext Storage of a Password in Lenovo Tab M11 TB330FU TB330XU - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-11193: CWE-256: Plaintext Storage of a Password in Lenovo Tab M11 TB330FU TB330XU

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.

Detailed information about CVE-2024-49761: CWE-1333: Inefficient Regular Expression Complexity in ruby rexml affecting ruby rexml. Get real-time updates, techni

CVE-2024-49761: CWE-1333: Inefficient Regular Expression Complexity in ruby rexml - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-49761: CWE-1333: Inefficient Regular Expression Complexity in ruby rexml

CVE-2024-48910 is a critical prototype pollution vulnerability in DOMPurify versions prior to 2. 4. 2. DOMPurify is a widely used client-side library designed to sanitize HTML, MathML, and SVG content to prevent XSS attacks. The vulnerability allows an attacker to improperly modify the prototype of JavaScript objects, potentially leading to arbitrary code execution or bypassing security controls. This flaw requires no authentication or user interaction and can be exploited remotely over the network. The CVSS score of 9. 1 reflects its high impact on confidentiality and integrity without affecting availability. European organizations using vulnerable versions of DOMPurify in web applications or services are at risk, especially those in sectors relying heavily on web security such as finance, government, and critical infrastructure. Mitigation involves immediate upgrading to DOMPurify version 2.

DOMPurify is a popular client-side sanitization library used to cleanse HTML, MathML, and SVG inputs to prevent cross-site scripting (XSS) attacks by removing or neutralizing malicious code. CVE-2024-48910 identifies a prototype pollution vulnerability classified under CWE-1321, which occurs when an attacker can manipulate the prototype of a base object in JavaScript. This manipulation can lead to unexpected behavior in the application, including the possibility of executing arbitrary code or bypassing security mechanisms that rely on object properties. The vulnerability affects all DOMPurify versions prior to 2.4.2 and does not require any privileges or user interaction, making it remotely exploitable over the network. The CVSS 3.1 score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) indicates that the attack vector is network-based, with low attack complexity, no privileges or user interaction required, and results in high confidentiality and integrity impacts without affecting availability. Although no public exploits have been reported yet, the critical nature of the flaw and DOMPurify’s widespread use in web applications make it a significant threat. The vulnerability was publicly disclosed on October 31, 2024, and fixed in version 2.4.2 of DOMPurify. Organizations using vulnerable versions should prioritize patching and review their usage of DOMPurify to ensure no unsafe patterns remain.

Detailed information about CVE-2024-48910: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in cure53 DOMPuri

CVE-2024-48910: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in cure53 DOMPurify - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-48910: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in cure53 DOMPurify

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.

Detailed information about CVE-2024-45802: CWE-20: Improper Input Validation in squid-cache squid affecting squid-cache squid. Get real-time updates, technical 

CVE-2024-45802: CWE-20: Improper Input Validation in squid-cache squid - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-45802: CWE-20: Improper Input Validation in squid-cache squid

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.

Detailed information about CVE-2024-45239: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2024-45239: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-45239: n/a

dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.

Detailed information about CVE-2024-34509: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2024-34509: n/a

CVE-2024-34509: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-11193: CWE-256: Plaintext Storage of a Password in Lenovo Tab M11 TB330FU TB330XU

CVE-2024-49761: CWE-1333: Inefficient Regular Expression Complexity in ruby rexml

CVE-2024-48910: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in cure53 DOMPurify

CVE-2024-45802: CWE-20: Improper Input Validation in squid-cache squid

CVE-2024-45239: n/a

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility