Total: 12258 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-5988 | 1 Rockwellautomation | 2 Thinmanager, Thinserver | 2025-05-01 | 9.8 Critical |
Due to improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. | ||||
CVE-2025-30391 | | | 2025-05-01 | 8.1 High |
Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network. | ||||
CVE-2013-6282 | 1 Linux | 1 Linux Kernel | 2025-05-01 | 8.8 High |
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013. | ||||
CVE-2021-22939 | 6 Debian, Netapp, Nodejs and 3 more | 11 Debian Linux, Nextgen Api, Node.js and 8 more | 2025-05-01 | 5.3 Medium |
If the Node.js https API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. | ||||
CVE-2021-22931 | 5 Netapp, Nodejs, Oracle and 2 more | 13 Active Iq Unified Manager, Nextgen Api, Oncommand Insight and 10 more | 2025-05-01 | 9.8 Critical |
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, and application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js dns library, which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. | ||||
CVE-2021-22884 | 6 Fedoraproject, Netapp, Nodejs and 3 more | 16 Fedora, Active Iq Unified Manager, E-series Performance Analyzer and 13 more | 2025-05-01 | 7.5 High |
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. | ||||
CVE-2019-15606 | 5 Debian, Nodejs, Opensuse and 2 more | 9 Debian Linux, Node.js, Leap and 6 more | 2025-05-01 | 9.8 Critical |
Including trailing white space in HTTP header values in Node.js 10, 12, and 13 causes bypass of authorization based on header value comparisons. | ||||
CVE-2024-13943 | | | 2025-04-30 | N/A |
Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the QCMAP_ConnectionManager component. An attacker can abuse the service to assign LAN addresses to the WWAN. An attacker can leverage this vulnerability to access network services that were only intended to be exposed to the internal LAN. Was ZDI-CAN-23199. | ||||
CVE-2025-24062 | | | 2025-04-30 | 7.8 High |
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-24060 | | | 2025-04-30 | 7.8 High |
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-29811 | | | 2025-04-30 | 7.8 High |
Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-27737 | | | 2025-04-30 | 8.6 High |
Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally. | ||||
CVE-2025-27731 | | | 2025-04-30 | 7.8 High |
Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-27489 | | | 2025-04-30 | 7.8 High |
Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-26647 | | | 2025-04-30 | 8.8 High |
Improper input validation in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. | ||||
CVE-2025-24058 | | | 2025-04-30 | 7.8 High |
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-24073 | | | 2025-04-30 | 7.8 High |
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-24074 | | | 2025-04-30 | 7.8 High |
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-29821 | | | 2025-04-30 | 5.5 Medium |
Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally. | ||||
CVE-2024-20056 | 4 Google, Mediatek, Openwrt and 1 more | 30 Android, Mt6739, Mt6761 and 27 more | 2025-04-30 | 6.7 Medium |
In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185. |