ReportizFlow
Filtered by vendor
Subscriptions
Total
5462 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2349 | 1 Emerson | 1 Deltav | 2025-10-03 | N/A |
| Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program. | ||||
| CVE-2014-2347 | 1 Amtelco | 1 Misecuremessages | 2025-10-03 | N/A |
| Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request. | ||||
| CVE-2024-53137 | 1 Linux | 1 Linux Kernel | 2025-10-02 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ARM: fix cacheflush with PAN It seems that the cacheflush syscall got broken when PAN for LPAE was implemented. User access was not enabled around the cache maintenance instructions, causing them to fault. | ||||
| CVE-2025-5321 | 2 Aimhubio, Aimstack | 2 Aim, Aim | 2025-09-19 | 6.3 Medium |
| A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Abfrage leads to erweiterte Rechte. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-54103 | 1 Huawei | 1 Harmonyos | 2025-09-18 | 6.1 Medium |
| Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58276 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-11 | 6.8 Medium |
| Permission verification vulnerability in the home screen module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2009-3369 | 1 Backuppc | 1 Backuppc | 2025-09-08 | N/A |
| CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore. | ||||
| CVE-2015-3164 | 2 Opensuse, X.org | 3 Opensuse, X Server, Xorg-server | 2025-08-29 | N/A |
| The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket. | ||||
| CVE-2020-25720 | 1 Redhat | 3 Enterprise Linux, Openshift, Storage | 2025-08-29 | 7.5 High |
| A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks. | ||||
| CVE-2013-4230 | 2 Drupal, Monster Menus Project | 2 Drupal, Monster Menus | 2025-08-27 | N/A |
| The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors. | ||||
| CVE-2013-4504 | 2 Drupal, Monster Menus Project | 2 Drupal, Monster Menus | 2025-08-27 | N/A |
| The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL. | ||||
| CVE-2014-0752 | 1 Ecava | 1 Integraxor | 2025-08-23 | N/A |
| The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. | ||||
| CVE-2025-54608 | 1 Huawei | 1 Harmonyos | 2025-08-20 | 6.2 Medium |
| Vulnerability that allows setting screen rotation direction without permission verification in the screen management module. Impact: Successful exploitation of this vulnerability may cause device screen orientation to be arbitrarily set. | ||||
| CVE-2023-42005 | 1 Ibm | 3 Cloud Pak For Data, Db2, Db2 Warehouse | 2025-08-18 | 7.4 High |
| IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264. | ||||
| CVE-2025-53186 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-12 | 5.9 Medium |
| Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-53178 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-12 | 4.8 Medium |
| Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units. | ||||
| CVE-2025-53177 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-12 | 3.9 Low |
| Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule syncing function of watches. | ||||
| CVE-2024-53011 | 1 Qualcomm | 166 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 163 more | 2025-08-11 | 7.9 High |
| Information disclosure may occur due to improper permission and access controls to Video Analytics engine. | ||||
| CVE-2024-20361 | 1 Cisco | 3 Firepower Management Center, Firepower Threat Defense Software, Secure Firewall Management Center | 2025-08-07 | 5.8 Medium |
| A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software. This vulnerability is due to the incorrect deployment of the Object Groups for ACLs feature from Cisco FMC Software to managed FTD devices in high-availability setups. After an affected device is rebooted following Object Groups for ACLs deployment, an attacker can exploit this vulnerability by sending traffic through the affected device. A successful exploit could allow the attacker to bypass configured access controls and successfully send traffic to devices that are expected to be protected by the affected device. | ||||
| CVE-2025-20145 | 1 Cisco | 10 8608, 8804, 8808 and 7 more | 2025-08-04 | 5.8 Medium |
| A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an egress ACL on the affected device. For more information about this vulnerability, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||