ReportizFlow
Filtered by vendor
Subscriptions
Total
13273 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-65397 | 1 Blurams | 3 Dome Flare, Dome Flare Firmware, Flare Camera | 2026-02-03 | 6.8 Medium |
| An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/public_key.der is not present in the file system. The vulnerability can be triggered by providing a maliciously crafted auth.ini file on the device's SD card. | ||||
| CVE-2025-71003 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-71007 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| An input validation vulnerability in the oneflow.index_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-71009 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 6.2 Medium |
| An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted indices. | ||||
| CVE-2025-71011 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 6.2 Medium |
| An input validation vulnerability in the flow.Tensor.new_empty/flow.Tensor.new_ones/flow.Tensor.new_zeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-66959 | 1 Ollama | 1 Ollama | 2026-02-02 | 7.5 High |
| An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder | ||||
| CVE-2025-66960 | 1 Ollama | 1 Ollama | 2026-02-02 | 7.5 High |
| An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata | ||||
| CVE-2025-12781 | 1 Python | 2 Cpython, Python | 2026-02-02 | 5.3 Medium |
| When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without "+/"). If your application does not use the "altchars" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted "+" or "/" outside of altchars. | ||||
| CVE-2024-42130 | 1 Linux | 1 Linux Kernel | 2026-01-31 | 5.6 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-9014 | 1 Tp-link | 3 Tl-wr841n, Tl-wr841n Firmware, Wr841n | 2026-01-30 | 7.5 High |
| A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service.This issue affects TL-WR841N v14: before 250908. | ||||
| CVE-2025-66902 | 1 Pithikos | 2 Websocket-server, Websocket Server | 2026-01-30 | 7.5 High |
| An input validation issue in in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components. | ||||
| CVE-2025-67493 | 2 Homarr, Homarr-labs | 2 Homarr, Homarr | 2026-01-30 | 7.5 High |
| Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue. | ||||
| CVE-2025-52519 | 1 Samsung | 16 Exynos, Exynos 1330, Exynos 1330 Firmware and 13 more | 2026-01-30 | 7.1 High |
| An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, and 2500. Improper validation of user-space input in the issimian device driver leads to information disclosure and a denial of service. | ||||
| CVE-2025-66786 | 1 Openairinterface | 2 Cn5g Amf, Oai-cn5g-amf | 2026-01-29 | 7.5 High |
| OpenAirInterface CN5G AMF<=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack. | ||||
| CVE-2022-39306 | 2 Grafana, Redhat | 3 Grafana, Ceph Storage, Enterprise Linux | 2026-01-28 | 6.4 Medium |
| Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to sign up with whatever username/email address the user chooses and become a member of the organization. This introduces a vulnerability which can be used with malicious intent. This issue is patched in version 9.2.4, and has been backported to 8.5.15. There are no known workarounds. | ||||
| CVE-2017-16539 | 1 Mobyproject | 1 Moby | 2026-01-28 | 5.9 Medium |
| The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP. | ||||
| CVE-2025-29847 | 1 Apache | 1 Linkis | 2026-01-28 | 7.5 High |
| A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows unauthorized access to system files via JDBC parameters. Scope of Impact This issue affects Apache Linkis: from 1.3.0 through 1.7.0. Severity level moderate Solution Continuously check if the connection information contains the "%" character; if it does, perform URL decoding. Users are recommended to upgrade to version 1.8.0, which fixes the issue. More questions about this vulnerability can be discussed here: https://lists.apache.org/[email protected]:2025-9:cve | ||||
| CVE-2025-30648 | 2 Juniper, Juniper Networks | 4 Junos, Junos Os Evolved, Junos Os and 1 more | 2026-01-26 | 7.4 High |
| An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS). When a specifically malformed DHCP packet is received from a DHCP client, the jdhcpd process crashes, which will lead to the unavailability of the DHCP service and thereby resulting in a sustained DoS. The DHCP process will restart automatically to recover the service. This issue will occur when dhcp-security is enabled. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S10, * from 22.2 before 22.2R3-S6, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2; Junos OS Evolved: * from 22.4 before 22.4R3-S6-EVO, * from 23.2 before 23.2R2-S3-EVO, * from 23.4 before 23.4R2-S4-EVO, * from 24.2 before 24.2R2-EVO. . | ||||
| CVE-2025-30649 | 1 Juniper | 5 Junos, Mx-spc3, Mx240 and 2 more | 2026-01-26 | 7.5 High |
| An Improper Input Validation vulnerability in the syslog stream TCP transport of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker, to send specific spoofed packets to cause a CPU Denial of Service (DoS) to the MX-SPC3 SPUs. Continued receipt and processing of these specific packets will sustain the DoS condition. This issue affects Junos OS: * All versions before 22.2R3-S6, * from 22.4 before 22.4R3-S4, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R1-S2, 24.2R2 An indicator of compromise will indicate the SPC3 SPUs utilization has spiked. For example: user@device> show services service-sets summary Service sets CPU Interface configured Bytes used Session bytes used Policy bytes used utilization "interface" 1 "bytes" (percent%) "sessions" ("percent"%) "bytes" ("percent"%) 99.97 % OVLD <<<<<< look for high CPU usage | ||||
| CVE-2025-47777 | 1 5ire | 1 5ire | 2026-01-23 | 9.7 Critical |
| 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution (RCE) via unsafe Electron protocol handling and exposed Electron APIs. All users of 5ire client versions prior to patched releases, particularly those interacting with untrusted chatbots or pasting external content, are affected. Version 0.11.1 contains a patch for the issue. | ||||