Total: 313759 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-6369 | 1 Firebirdsql | 1 Firebird | 2025-10-10 | 8.8 High |
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so. | ||||
CVE-2025-21063 | | | 2025-10-10 | 4.6 Medium |
Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen. | ||||
CVE-2025-21065 | | | 2025-10-10 | 6.6 Medium |
Improper input validation in Retail Mode prior to version 5.59.11 allows self attackers to execute privileged commands on their own devices. | ||||
CVE-2025-21066 | | | 2025-10-10 | 4 Medium |
Out-of-bounds read in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory. | ||||
CVE-2025-21067 | | | 2025-10-10 | 4 Medium |
Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory. | ||||
CVE-2025-21068 | | | 2025-10-10 | 4 Medium |
Out-of-bounds read in the reading of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory. | ||||
CVE-2025-21069 | | | 2025-10-10 | 4 Medium |
Out-of-bounds read in the parsing of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory. | ||||
CVE-2025-21070 | | | 2025-10-10 | 4 Medium |
Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory. | ||||
CVE-2025-21050 | | | 2025-10-10 | 7.1 High |
Improper input validation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to access data across multiple user profiles. | ||||
CVE-2025-52630 | | | 2025-10-10 | 3.7 Low |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION. This issue affects AION: 2.0. | ||||
CVE-2025-40646 | 1 Viday | 1 Viday | 2025-10-10 | N/A |
Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/create_job_submit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details. | ||||
CVE-2025-3511 | | | 2025-10-10 | 7.5 High |
Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Digital-Analog Converter module, CC-Link IE TSN FPGA module, CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY, MELSEC iQ-R Series CC-Link IE TSN Master/Local Module, MELSEC iQ-R Series Ethernet Interface Module, and CC-Link IE TSN Master/Local Station Communication LSI CP610 allows a remote unauthenticated attacker to cause a Denial of Service condition in the products by sending specially crafted UDP packets. A system reset of the product is required for recovery. | ||||
CVE-2025-21055 | | | 2025-10-10 | 4.3 Medium |
Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory. | ||||
CVE-2025-11539 | 1 Grafana | 2 Grafana, Grafana-image-renderer | 2025-10-10 | 9.9 Critical |
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then loaded by the Chromium process. Instances are vulnerable if: 1. The default token ("authToken") is not changed, or is known to the attacker. 2. The attacker can reach the image renderer endpoint. This issue affects grafana-image-renderer: from 1.0.0 through 4.0.16. | ||||
CVE-2025-11535 | 2 Microsoft, Mongodb | 3 Windows, Connector For Bi, Mongodb | 2025-10-10 | N/A |
MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories, which allows privilege escalation. This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24. | ||||
CVE-2025-47347 | 2 Qnx, Qualcomm | 2 Qnx, Snapdragon | 2025-10-10 | 7.8 High |
Memory corruption while processing control commands in the virtual memory management interface. | ||||
CVE-2025-37947 | 1 Linux | 1 Linux Kernel | 2025-10-10 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating *pos. ksmbd_vfs_stream_write() did not validate whether the write offset (*pos) was within the bounds of the existing stream data length (v_len). If *pos was greater than or equal to v_len, this could lead to an out-of-bounds memory write. This patch adds a check to ensure *pos is less than v_len before proceeding. If the condition fails, -EINVAL is returned. | ||||
CVE-2025-27039 | 1 Qualcomm | 1 Snapdragon | 2025-10-10 | 6.6 Medium |
Memory corruption may occur while processing IOCTL call for DMM/WARPNCC CONFIG request. | ||||
CVE-2025-27048 | 1 Qualcomm | 1 Snapdragon | 2025-10-10 | 7.8 High |
Memory corruption while processing camera platform driver IOCTL calls. | ||||
CVE-2025-27053 | 1 Qualcomm | 1 Snapdragon | 2025-10-10 | 7.8 High |
Memory corruption during PlayReady APP usecase while processing TA commands. |