ReportizFlow
Filtered by vendor
Subscriptions
Total
9745 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50074 | 1 Oracle | 1 Financial Services Revenue Management And Billing | 2025-10-28 | 4.9 Medium |
| Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Security Management System). Supported versions that are affected are 2.9.0.0.0-7.2.0.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). | ||||
| CVE-2024-29059 | 1 Microsoft | 15 .net Framework, Windows 10 1507, Windows 10 1607 and 12 more | 2025-10-28 | 7.5 High |
| .NET Framework Information Disclosure Vulnerability | ||||
| CVE-2022-20821 | 1 Cisco | 28 8201, 8202, 8208 and 25 more | 2025-10-28 | 6.5 Medium |
| A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system. | ||||
| CVE-2020-3259 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2025-10-28 | 7.5 High |
| A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | ||||
| CVE-2025-62524 | 1 Thm | 1 Pilos | 2025-10-28 | 5.3 Medium |
| PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s base image. Additionally, the PHP version can also be inferred through the PILOS version displayed in the footer and by examining the source code available on GitHub. This information disclosure vulnerability has been patched in PILOS in v4.8.0. | ||||
| CVE-2025-12363 | 1 Azure Access Technology | 2 Blu-ic2, Blu-ic4 | 2025-10-28 | N/A |
| Email Password Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | ||||
| CVE-2025-11647 | 2 Furbo, Tomofun | 6 Furbo 360 Dog Camera, Furbo 360 Dog Camera Firmware, Furbo Mini and 3 more | 2025-10-28 | 3.1 Low |
| A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is needed for the attack. The exploitability is assessed as difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6861 | 1 Redhat | 4 Satellite, Satellite Capsule, Satellite Maintenance and 1 more | 2025-10-28 | 7.5 High |
| A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API. | ||||
| CVE-2024-1139 | 1 Redhat | 2 Acm, Openshift | 2025-10-28 | 7.7 High |
| A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret. | ||||
| CVE-2025-55679 | 1 Microsoft | 15 Windows, Windows 10, Windows 10 1809 and 12 more | 2025-10-28 | 5.1 Medium |
| Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-59284 | 1 Microsoft | 8 Windows, Windows 11, Windows 11 22h2 and 5 more | 2025-10-28 | 3.3 Low |
| Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally. | ||||
| CVE-2025-11760 | 2 Wordpress, Wpcenter | 2 Wordpress, Eroom | 2025-10-28 | 5.3 Medium |
| The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting view template. This makes it possible for unauthenticated attackers to extract the sdk_secret value, which should remain server-side, compromising the security of the Zoom integration and allowing attackers to generate valid JWT signatures for unauthorized meeting access. | ||||
| CVE-2025-27225 | 1 Rocketsoftware | 1 Trufusion Enterprise | 2025-10-28 | 7.5 High |
| TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internal_admin_contact_login.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers. | ||||
| CVE-2025-52268 | 1 Starcharge | 1 Artemis | 2025-10-28 | 7.5 High |
| StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain a hardcoded AES key which allows attackers to forge or decrypt valid login tokens. | ||||
| CVE-2025-61482 | 2 Google, Privacyidea | 2 Android, Privacyidea | 2025-10-28 | 7.2 High |
| Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into app crypto routines and intercepting decryption paths, attacker can recover plaintext secrets, enabling generation of valid one-time passwords, and bypassing authentication for enrolled accounts. | ||||
| CVE-2025-61481 | 1 Mikrotik | 2 Routeros, Switchos | 2025-10-28 | 10 Critical |
| An issue in MikroTik RouterOS v.7.14.2 and SwitchOS v.2.18 allows a remote attacker to execute arbitrary code via the HTTP- only WebFig management component | ||||
| CVE-2025-12297 | 1 Atjiu | 1 Pybbs | 2025-10-28 | 4.3 Medium |
| A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2025-12276 | 1 Learnhouse | 1 Learnhouse | 2025-10-28 | 4.3 Medium |
| A vulnerability was detected in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation results in information disclosure. The attack can be executed remotely. The exploit is now public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-55683 | 1 Microsoft | 7 Windows, Windows Server, Windows Server 2016 and 4 more | 2025-10-27 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-62400 | 1 Moodle | 1 Moodle | 2025-10-27 | 4.3 Medium |
| Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information. | ||||