Total: 307654 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-48963 | 1 Acronis | 1 Cyber Protect Cloud Agent | 2025-09-01 | N/A |
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40296. | ||||
CVE-2025-58062 | 1 Lstm-kirigaya | 1 Openmcp-client | 2025-09-01 | N/A |
LSTM-Kirigaya's openmcp-client is a VS Code plugin for MCP developers. Prior to version 0.1.12, when users on a Windows platform connect to an attacker-controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in the open() invocation, leading to client system compromise. This issue has been patched in version 0.1.12. | ||||
CVE-2025-57819 | 1 Freepbx | 1 Freepbx | 2025-09-01 | N/A |
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3. | ||||
CVE-2024-46916 | 1 Dieboldnixdorf | 1 Vynamic Security Suite | 2025-09-01 | 8.1 High |
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file). This can allow code execution and, in some versions, enable recovery of TPM Disk Encryption keys and decryption of the Windows system partition. | ||||
CVE-2024-46917 | 1 Dieboldnixdorf | 1 Vynamic Security Suite | 2025-09-01 | 8.1 High |
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and full control of the Windows OS, e.g., through ~/.profile changes. | ||||
CVE-2025-9677 | 1 Modo | 1 Legend Of The Phoenix | 2025-09-01 | 5.3 Medium |
A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of Android application components. The attack requires local access. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-31100 | 2 Mojoomla, Wordpress | 2 School Management, Wordpress | 2025-09-01 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management allows uploading a web shell to a web server. This issue affects School Management: from n/a through 1.93.1 (02-07-2025). | ||||
CVE-2025-47696 | 2 Solwin, Wordpress | 2 Blog Designer Pro, Wordpress | 2025-09-01 | 8.1 High |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Solwin Blog Designer PRO. This issue affects Blog Designer PRO: from n/a through 3.4.7. | ||||
CVE-2025-57219 | 1 Tenda | 1 Ac10 | 2025-09-01 | 5.3 Medium |
Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request. | ||||
CVE-2025-57218 | 1 Tenda | 1 Ac10 | 2025-09-01 | 5.3 Medium |
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C. | ||||
CVE-2025-57220 | 1 Tenda | 1 Ac10 | 2025-09-01 | 5.3 Medium |
An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges to root via a crafted UDP packet. | ||||
CVE-2025-57217 | 1 Tenda | 1 Ac10 | 2025-09-01 | 5.3 Medium |
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler. | ||||
CVE-2025-57215 | 1 Tenda | 1 Ac10 | 2025-09-01 | 7.5 High |
Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info. | ||||
CVE-2025-43284 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-09-01 | 5.5 Medium |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. An app may be able to cause unexpected system termination. | ||||
CVE-2024-54554 | 1 Apple | 2 Macos, Macos Sequoia | 2025-09-01 | 5.5 Medium |
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data. | ||||
CVE-2025-58323 | 1 Naver | 1 Mybox Explorer | 2025-09-01 | 7.7 High |
NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks. | ||||
CVE-2025-43187 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-09-01 | 7.8 High |
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. Running an hdiutil command may unexpectedly execute arbitrary code. | ||||
CVE-2024-44271 | 1 Apple | 2 Macos, Macos Sequoia | 2025-09-01 | 3.3 Low |
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to record the screen without an indicator. | ||||
CVE-2025-8290 | 2 Weblineindia, Wordpress | 2 List Subpages, Wordpress | 2025-09-01 | 6.4 Medium |
The List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2025-9374 | 2 Briancolinger, Wordpress | 2 Ultimate Tag Warrior Importer, Wordpress | 2025-09-01 | 4.3 Medium |
The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to import tags granted they can trick a site administrator into performing an action such as clicking on a link. |