ReportizFlow
Filtered by vendor
Subscriptions
Total
2508 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2922 | 2026-04-15 | 2 Low | ||
| A vulnerability classified as problematic was found in Netis WF-2404 1.1.124EN. Affected by this vulnerability is an unknown functionality of the component BusyBox Shell. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7214 | 1 Fnkvision | 1 Fnk-gu2 | 2026-04-15 | 1.6 Low |
| A vulnerability classified as problematic was found in FNKvision FNK-GU2 up to 40.1.7. Affected by this vulnerability is an unknown functionality of the file /etc/shadow of the component MD5. The manipulation leads to risky cryptographic algorithm. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1953 | 2026-04-15 | 2.6 Low | ||
| A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.3.0 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-9513 | 1 Editso | 1 Fuso | 2026-04-15 | 3.7 Low |
| A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. | ||||
| CVE-2025-8763 | 2 Ruijie, Strongswan | 3 Eg306mg, Rg-eg, Strongswan | 2026-04-15 | 3.7 Low |
| A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk leads to missing encryption of sensitive data. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2017-20200 | 2026-04-15 | 3.7 Low | ||
| A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The vendor replied with: "(...) there isn't any security implication associated with your findings." | ||||
| CVE-2026-5682 | 1 Meesho | 1 Online Shopping App | 2026-04-07 | 3.7 Low |
| A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2012-0059 | 1 Redhat | 4 Enterprise Linux, Network Proxy, Network Satellite and 1 more | 2026-04-03 | 4.9 Medium |
| A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords. | ||||
| CVE-2025-21422 | 1 Qualcomm | 443 Aqt1000, Aqt1000 Firmware, Ar8035 and 440 more | 2026-02-26 | 7.1 High |
| Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses. | ||||
| CVE-2025-21482 | 1 Qualcomm | 575 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 572 more | 2026-02-26 | 7.1 High |
| Cryptographic issue while performing RSA PKCS padding decoding. | ||||
| CVE-2025-48823 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-13 | 5.9 Medium |
| Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2017-7526 | 3 Canonical, Debian, Gnupg | 3 Ubuntu Linux, Debian Linux, Libgcrypt | 2025-12-18 | N/A |
| libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used. | ||||
| CVE-2013-6673 | 5 Canonical, Fedoraproject, Mozilla and 2 more | 9 Ubuntu Linux, Fedora, Firefox and 6 more | 2025-11-25 | 5.9 Medium |
| Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user. | ||||
| CVE-2014-5419 | 1 Ge | 14 Multilink Ml1200, Multilink Ml1200 Firmware, Multilink Ml1600 and 11 more | 2025-11-05 | N/A |
| GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network. | ||||
| CVE-2014-5413 | 2 Aveva, Schneider-electric | 2 Clearscada, Scada Expert Clearscada | 2025-11-05 | N/A |
| Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. | ||||
| CVE-2014-5403 | 1 Hospira | 1 Mednet | 2025-11-03 | N/A |
| Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2025-9239 | 2 Eladmin, Elunez | 2 Eladmin, Eladmin | 2025-10-31 | 3.7 Low |
| A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STR_PARAM with the input Passw0rd leads to inadequate encryption strength. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation appears to be difficult. | ||||
| CVE-2025-11640 | 2 Furbo, Tomofun | 6 Furbo 360 Dog Camera, Furbo 360 Dog Camera Firmware, Furbo Mini and 3 more | 2025-10-29 | 3.1 Low |
| A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. This affects an unknown function of the component Bluetooth Low Energy. The manipulation results in cleartext transmission of sensitive information. Access to the local network is required for this attack. Attacks of this nature are highly complex. The exploitability is reported as difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2014-2379 | 1 Sensysnetworks | 4 Trafficdot, Vds, Vsn240-f and 1 more | 2025-10-14 | N/A |
| Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network. | ||||
| CVE-2014-0786 | 1 Ecava | 1 Integraxor | 2025-10-14 | N/A |
| Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. | ||||