ReportizFlow
Filtered by vendor
Subscriptions
Total
12362 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5680 | 2025-06-05 | 6.3 Medium | ||
| A vulnerability classified as critical was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected by this vulnerability is the function executeScript of the file /src/main/java/com/dstz/sys/rest/controller/SysScriptController.java of the component Groovy Script Handler. The manipulation of the argument script leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5679 | 2025-06-05 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. The manipulation of the argument str leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-22027 | 1 Ays-pro | 1 Quiz Maker | 2025-06-05 | 6.5 Medium |
| Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services. | ||||
| CVE-2022-20392 | 1 Google | 1 Android | 2025-06-05 | 7.8 High |
| In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-213323615 | ||||
| CVE-2023-35136 | 1 Zyxel | 20 Atp100, Atp100w, Atp200 and 17 more | 2025-06-05 | 5.5 Medium |
| An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device. | ||||
| CVE-2024-30087 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-06-05 | 7.8 High |
| Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2024-30078 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-06-05 | 8.8 High |
| Windows Wi-Fi Driver Remote Code Execution Vulnerability | ||||
| CVE-2020-16237 | 1 Philips | 2 Suresigns Vs4, Suresigns Vs4 Firmware | 2025-06-05 | 2.1 Low |
| Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. | ||||
| CVE-2025-30391 | 1 Microsoft | 1 Dynamics 365 Customer Service | 2025-06-04 | 8.1 High |
| Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-24062 | 2025-06-04 | 7.8 High | ||
| Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24060 | 2025-06-04 | 7.8 High | ||
| Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29811 | 2025-06-04 | 7.8 High | ||
| Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-27737 | 2025-06-04 | 8.6 High | ||
| Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-27731 | 2025-06-04 | 7.8 High | ||
| Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-27489 | 2025-06-04 | 7.8 High | ||
| Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-26647 | 2025-06-04 | 8.8 High | ||
| Improper input validation in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-24058 | 2025-06-04 | 7.8 High | ||
| Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24073 | 2025-06-04 | 7.8 High | ||
| Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24074 | 2025-06-04 | 7.8 High | ||
| Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29821 | 2025-06-04 | 5.5 Medium | ||
| Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally. | ||||