ReportizFlow
Filtered by vendor
Subscriptions
Total
5053 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-46539 | 1 Fire-boltt | 1 Artillery Smartwatch Firmware | 2026-04-15 | 8.2 High |
| Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS). | ||||
| CVE-2024-46627 | 1 Becn | 1 Datagerry | 2026-04-15 | 9.1 Critical |
| Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests. | ||||
| CVE-2024-41806 | 1 Openedx | 1 Edx-platform | 2026-04-15 | 5.3 Medium |
| The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available when the uploader uses versions master, palm, olive, nutmeg, maple, lilac, koa, or juniper. The patch in commit cb729a3ced0404736dfa0ae768526c82b608657b ensures that cohorts data uploaded to AWS S3 buckets is written with a private ACL. Beyond patching, deployers should also ensure that existing cohorts uploads have a private ACL, or that other precautions are taken to avoid public access. | ||||
| CVE-2024-47976 | 1 Solidigm | 12 D5 P4320 Firmware, D5 P4326 Firmware, D5 P5316 Firmware and 9 more | 2026-04-15 | 6.7 Medium |
| Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access. | ||||
| CVE-2025-63423 | 1 Each Italy | 1 Wireless Mini Router | 2026-04-15 | 7.5 High |
| Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 was discovered to store the Administrator password. | ||||
| CVE-2025-44178 | 1 Dasan | 1 H660wm | 2026-04-15 | 6.5 Medium |
| DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default settings. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information and modify its configuration via the UPnP protocol WAN sides without any authentication. | ||||
| CVE-2024-12306 | 1 Unifiedtransform | 1 Unifiedtransform | 2026-04-15 | 4.3 Medium |
| Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available. | ||||
| CVE-2025-49603 | 2026-04-15 | 9.1 Critical | ||
| Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 has Incorrect Access Control. | ||||
| CVE-2025-8025 | 1 Dinosoft Business Solutions | 1 Dinosoft Erp | 2026-04-15 | 9.8 Critical |
| Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dinosoft ERP: from < 3.0.1 through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2019-20462 | 2026-04-15 | 5.3 Medium | ||
| An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi access point that the device used. | ||||
| CVE-2025-11901 | 1 Asus | 13 B460, B560, B660 and 10 more | 2026-04-15 | N/A |
| An uncontrolled resource consumption vulnerability affects certain ASUS motherboards using Intel B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, W680 series chipsets. Exploitation requires physical access to internal expansion slots to install a specially crafted device and supporting software utility, and may lead to uncontrolled resource consumption that increases the risk of unauthorized direct memory access (DMA). Refer to the 'Security Update for UEFI firmware' section on the ASUS Security Advisory for more information. | ||||
| CVE-2024-12294 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and permalinks of private, password-protected, pending, and draft posts. | ||||
| CVE-2024-57378 | 2026-04-15 | 7.3 High | ||
| Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the unauthorized creation of internal users without assigning any existing user role, potentially leading to privilege escalation or unauthorized access to sensitive resources. | ||||
| CVE-2025-7572 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability classified as critical was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This vulnerability affects the function bs_GetHostInfo in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-45208 | 1 Versa | 1 Director | 2026-04-15 | 9.8 Critical |
| The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versions of Versa Director bound to these ports on all interfaces. An attacker that can access the Versa Director could access the NCS service on port 4566 and exploit it to perform unauthorized administrative actions and perform remote code execution. Customers are recommended to follow the hardening guide. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers. | ||||
| CVE-2025-30132 | 2026-04-15 | 9.1 Critical | ||
| An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security risk. During analysis, it was found that this domain was not owned by IROAD, allowing an attacker to register it and potentially intercept sensitive device traffic. If the dashcam or related services attempt to resolve this domain over the public Internet instead of locally, it could lead to data exfiltration or man-in-the-middle attacks. | ||||
| CVE-2025-10491 | 2 Microsoft, Mongodb | 2 Windows, Mongodb | 2026-04-15 | 7.8 High |
| The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Server v6.0 version prior to 6.0.25, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5 | ||||
| CVE-2025-31484 | 2026-04-15 | N/A | ||
| conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a package to the conda-forge channel, bypassing our feedstock-token + upload process. The security logs on anaconda.org were check for any packages that were not copied from the cf-staging to the conda-forge channel and none were found. | ||||
| CVE-2024-36443 | 2026-04-15 | 7.6 High | ||
| Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole file system via anonymous FTP. | ||||
| CVE-2024-0434 | 2026-04-15 | 5.3 Medium | ||
| The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbm_new_place_save' function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to create and publish new place posts. This function is also vulnerable to CSRF. | ||||