ReportizFlow
Filtered by vendor
Subscriptions
Total
896 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29066 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2026-02-25 | 3.2 Low |
| The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders. | ||||
| CVE-2022-2637 | 1 Hitachi | 1 Storage Plug-in | 2026-02-25 | 5.4 Medium |
| Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0. | ||||
| CVE-2025-11853 | 1 Sismics | 1 Teedy | 2026-02-24 | 6.3 Medium |
| A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-11554 | 1 Portabilis | 1 I-educar | 2026-02-24 | 6.3 Medium |
| A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-13806 | 1 Nutzam | 1 Nutzboot | 2026-02-24 | 7.3 High |
| A security vulnerability has been detected in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This impacts an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Transaction API. The manipulation of the argument from/to/wei leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-14889 | 1 Campcodes | 2 Advanced Online Voting System, Advanced Voting Management System | 2026-02-24 | 5.4 Medium |
| A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2024-39579 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 6.7 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. | ||||
| CVE-2024-37134 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 6.7 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. | ||||
| CVE-2024-37132 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 6.7 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Elevation of privileges. | ||||
| CVE-2025-27021 | 1 Nokia | 2 G42, G42 Firmware | 2026-02-12 | 7 High |
| The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users to read/write physical memory via devmem command line tool. This could allow sensitive information disclosure, denial of service, and privilege escalation by tampering with kernel memory. Details: The output of "sudo -l" reports the presence of "devmem" command executable as super user without using a password. This command allows to read and write an arbitrary memory area of the target device, specifying an absolute address. | ||||
| CVE-2025-3569 | 1 Jameszbl | 1 Db-hospital-drug | 2026-02-11 | 6.3 Medium |
| A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ShiroConfig.java. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-63384 | 1 Chipsalliance | 2 Rocket-chip, Rocketchip | 2026-02-05 | 6.5 Medium |
| A vulnerability was discovered in RISC-V Rocket-Chip v1.6 and before implementation where the SRET (Supervisor-mode Exception Return) instruction fails to correctly transition the processor's privilege level. Instead of downgrading from Machine-mode (M-mode) to Supervisor-mode (S-mode) as specified by the sstatus.SPP bit, the processor incorrectly remains in M-mode, leading to a critical privilege retention vulnerability. | ||||
| CVE-2026-22908 | 2 Sick, Sick Ag | 3 Tdc-x401gl, Tdc-x401gl Firmware, Tdc-x401gl | 2026-01-23 | 9.1 Critical |
| Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality. | ||||
| CVE-2025-67279 | 1 Tim-solutions | 1 Tim Flow | 2026-01-23 | 5.3 Medium |
| An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via the application stores password hashes in MD5 format | ||||
| CVE-2025-67278 | 1 Tim-solutions | 1 Tim Flow | 2026-01-23 | 6.5 Medium |
| An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request | ||||
| CVE-2024-31771 | 1 Totalav | 1 Totalav | 2026-01-22 | 7.8 High |
| Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file | ||||
| CVE-2024-27460 | 1 Hp | 1 Poly Plantronics Hub | 2026-01-22 | 6.7 Medium |
| A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below. | ||||
| CVE-2018-25148 | 1 Microhardcorp | 22 Bullet-3g, Bullet-3g Firmware, Bullet-lte and 19 more | 2026-01-21 | 8.8 High |
| Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system. | ||||
| CVE-2025-10978 | 1 Jeecg | 2 Jeecg Boot, Jeecgboot | 2026-01-09 | 4.3 Medium |
| A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10977 | 1 Jeecg | 2 Jeecg Boot, Jeecgboot | 2026-01-09 | 3.1 Low |
| A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||